WordPress Plugin Vulnerabilities

Mashshare <= 2.3.0 - Information Disclosure

Description

The Mashshare plugin dispatches a number of admin-side actions through its own custom hook in the function ‘mashsb_process_actions’, found in ‘includes/admin/admin-actions.php’. That function is registered on the ‘admin_init’ action. WordPress fires ‘admin_init’ on every request to the admin AJAX handler (wp-admin/admin-ajax.php), which unauthenticated visitors can reach, and ‘mashsb_process_actions’ performs no capability check before dispatching. As a result, anonymous users can trigger certain actions that are intended for administrators only.
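The following is an added illustration of the pattern described above, written for this entry; it is not Mashshare's code and does not reproduce ‘mashsb_process_actions’. The plugin prefix ‘myplugin_’, the request parameter ‘myplugin-action’ and the action names are hypothetical. The first handler shows why hooking privileged work onto ‘admin_init’ is unsafe on its own; the second shows the checks a maintainer would add.

```php
<?php
/*
 * Added example, not Mashshare's code. Hypothetical names throughout
 * (myplugin_*, "myplugin-action", "export_settings", "import_settings").
 */

// VULNERABLE pattern: admin_init fires on every admin-side request,
// including wp-admin/admin-ajax.php, which anonymous visitors can hit.
// Nothing below checks who the caller is, so an unauthenticated POST
// or GET carrying "myplugin-action" runs whatever that action does.
function myplugin_process_actions_vulnerable() {
    if ( isset( $_POST['myplugin-action'] ) ) {
        $action = sanitize_key( $_POST['myplugin-action'] );
        do_action( 'myplugin_' . $action, $_POST );
    }
    if ( isset( $_GET['myplugin-action'] ) ) {
        $action = sanitize_key( $_GET['myplugin-action'] );
        do_action( 'myplugin_' . $action, $_GET );
    }
}
// add_action( 'admin_init', 'myplugin_process_actions_vulnerable' );

// HARDENED pattern: same hook, but the request has to prove three things
// before any action is dispatched.
function myplugin_process_actions_hardened() {
    if ( ! isset( $_REQUEST['myplugin-action'] ) ) {
        return;
    }

    // 1. Capability check. admin_init (and is_admin(), which is also true
    //    during admin-ajax requests) says nothing about who is calling;
    //    current_user_can() returns false for logged-out visitors.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }

    // 2. Nonce check, so a logged-in administrator cannot be made to fire
    //    the action via CSRF. check_admin_referer() calls wp_die() on failure.
    check_admin_referer( 'myplugin-action', 'myplugin-nonce' );

    // 3. Explicit allow-list, so the request cannot name an arbitrary
    //    action hook to fire.
    $allowed = array( 'export_settings', 'import_settings' );
    $action  = sanitize_key( $_REQUEST['myplugin-action'] );
    if ( in_array( $action, $allowed, true ) ) {
        do_action( 'myplugin_' . $action, $_REQUEST );
    }
}
add_action( 'admin_init', 'myplugin_process_actions_hardened' );

// A handler registered for one of the allow-listed actions; the capability
// and nonce checks above are what keep it reachable only by administrators.
function myplugin_export_settings( $request ) {
    $settings = get_option( 'myplugin_settings', array() );
    header( 'Content-Type: application/json' );
    echo wp_json_encode( $settings );
    exit;
}
add_action( 'myplugin_export_settings', 'myplugin_export_settings' );
```

The capability check alone closes the unauthenticated path the description refers to; the nonce and allow-list are what a reviewer would expect alongside it. The admin form that submits ‘myplugin-action’ must include the matching nonce field, e.g. via wp_nonce_field( 'myplugin-action', 'myplugin-nonce' ), or the hardened handler will reject its own legitimate requests.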

Proof of Concept

Affects Plugins

Mashshare (fixed in 2.3.1)

References

Miscellaneous

Submitter
James Hooker
Verified
No

Timeline

Publicly Published
2015-04-17
Added
2015-04-25
Last Updated
2021-01-19