WordPress Plugin Vulnerabilities

Gutenberg & Elementor Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints

Description

These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions (23) that could reset site data, inject malicious JavaScript in pages, modify theme customizer data, import .xml and .json files, and activate plugins, among many other actions.

Proof of Concept

Affects Plugins

Plugin icon
responsive-add-ons
Fixed in 2.2.6

References

CVE
CVE-2020-12073
URL
https://www.wordfence.com/blog/2020/03/severe-flaws-patched-in-responsive-ready-sites-importer-plugin/

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe
Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified
No
WPVDB ID
d776586c-5b31-482e-b209-a89c9873f21d

Timeline

Publicly Published
2020-03-18 (about 6 years ago)
Added
2020-03-18 (about 6 years ago)
Last Updated
2020-04-24 (about 6 years ago)

Other

Published
Title
Published
2014-06-26
Title
JSON REST API 1.1 - JSONP SOP Bypass
Published
2022-08-29
Title
Site Offline < 1.5.3 - Access Bypass
Published
2022-07-12
Title
WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass
Published
2023-07-27
Title
Change WP Admin < 1.1.4 - Secret Login Page Disclosure
Published
2017-03-06
Title
WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation