WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover

Description

The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.

Proof of Concept

On any website where flo-launch is active create cookie "flo_custom_table_prefix" with any string value to initiate new WordPress instance setup.

Complete setup and login as admin.

Affects Plugins

flo-launch
Fixed in version 2.4.1

References

CVE
CVE-2022-0541

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website
https://daniel-ruf.de
Verified

Yes

WPVDB ID
822cac2c-decd-4aa4-9e8e-1ba2d0c080ce

Timeline

Publicly Published

2022-03-29 (about 3 months ago)

Added

2022-03-29 (about 3 months ago)

Last Updated

2022-04-11 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin