WordPress Plugin Vulnerabilities

Crayon Syntax Highlighter 2.0 - 2.6.10 - Defacement

Description

The Crayon Syntax Highlighter plugin allows access to the AJAX method 'crayon-theme-editor-save' to any registered user. When called, the AJAX method ‘crayon-theme-editor-save’ will call the 'save' function within the CrayonThemeEditorWP class, defined in 'crayon-syntax-highlighter/util/theme-editor/theme_editor.php'. An attacker can craft the user provided parameters in such a way that it becomes possible to overwrite base themes with arbitrary CSS.

Proof of Concept

Affects Plugins

Plugin icon
crayon-syntax-highlighter
Fixed in 2.7.0

References

URL
https://g0blin.co.uk/g0blin-00044/

Miscellaneous

Submitter
James Hooker
Submitter website
https://research.g0blin.co.uk
Submitter twitter
g0blinResearch
Verified
No
WPVDB ID
4bc495fe-dd93-4828-9038-c10833c8fe36

Timeline

Publicly Published
2015-04-20 (about 11 years ago)
Added
2015-04-20 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2023-10-24
Title
YOP Poll < 6.5.29 - Reusable Captcha via validateImage
Published
2022-08-31
Title
Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing
Published
2025-11-10
Title
Hydra Booking < 1.1.28 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation
Published
2026-05-08
Title
Simple Cloudflare Turnstile < 1.38.1 - Unauthenticated CAPTCHA Bypass via Session Replay
Published
2023-10-03
Title
Captcha/Honeypot for Contact Form 7 < 1.11.4 - Captcha Bypass