WordPress Plugin Vulnerabilities
Security & Malware scan by CleanTalk < 2.51 - Security Nonce Leak leading to Unauthorised AJAX call
Description
Security nonce leak, allowing any authenticated users (such as subscribers) to make unauthorised AJAX call which could lead to arbitrary file deletion/download and function call.
Note (WPScanTeam): We do not consider the issue fully remediated, as the AJAX calls rely on CSRF check for authorisation, instead of proper authorisation verification with the current_user_can() function. However, it would require chaining with other issues to be exploited.
Affects Plugins
References
Miscellaneous
Original Researcher
Jerome Bruandet (nintechnet.net)
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-07-06 (about 3 years ago)
Added
2020-07-06 (about 3 years ago)
Last Updated
2023-11-03 (about 6 months ago)