Greeklish-permalink < 3.5 – Unauthenticated Post Slug Update | CVE 2023-2495 | Plugin Vulnerabilities

Description

The plugin does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF.

Proof of Concept

1. Create a post with the name "Νέα ανάρτηση".

2. Visit the post and notice that the permalink uses the Greek characters.

3. In an unauthenticated browser session, run the following code: fetch('/wp-admin/admin-ajax.php?action=cyrtrans_ajax_old', {method: 'POST'})

4. Visit the post again, and notice that the permalink now uses Latin characters.

Affects Plugins

greeklish-permalink

Fixed in 3.5

References

CVE

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Jonas Höbenreich

Submitter

Jonas Höbenreich

Submitter website

https://www.jonh.eu/

Verified

Yes

WPVDB ID

45878983-7e9b-49c2-8f99-4c28aab24f09

Timeline

Publicly Published

2023-06-19 (about 2 years ago)

Added

2023-06-19 (about 2 years ago)

Last Updated

2023-08-15 (about 2 years ago)

Other

Published

Title

Published

2020-03-11

Title

Import Export WordPress Users < 1.3.9 - Authenticated Arbitrary User Creation

Published

2019-08-09

Title

ND Restaurant Reservations < 1.5 - Unauthenticated Options Change

Published

2020-02-17

Title

wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation

Published

2024-02-17

Title

Login as User or Customer <= 3.8 - Admin Account Takeover

Published

2025-05-30

Title

PSW Front-end Login & Registration <= 1.12 - Unauthenticated Account Takeover/Privilege Escalation