- December 1, 2016 at 7:23 am #11068
I would like to get a status update regarding this potential exploit… I just purchased this Plugin and was starting to configure when I got an alert about a potential exploit.
An Authentication RCE vulnerability was reported on this plugin
ajax-search-pro 4.9.8 – 0 more info
Ajax Search Pro – Authenticated RCE
Sign up to our free email alerts service for instant vulnerability notifications!
Affected versions unknown.
Proof of Concept:
This will register an administrator with username “xADMIN” and password “xPASS”:
POST request to: /wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput
With POST data:
OWASP Top 10 A1: Injection
Submitter A. Samman
Submitter Twitter Evex_1337
WPVDB ID 7859
Publicly Published 2015-03-18 (over 1 year ago)
Added 2015-03-21 (over 1 year ago)
Last Updated 2016-04-24 (7 months ago)
Copyright & License
Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.December 1, 2016 at 8:36 am #11069
It has been fixed a very long time ago, they messaged me before publishing the report so a fix was released before that.Best,
If you like my products, don't forget to rate them on codecanyon :)
December 1, 2016 at 7:30 pm #11086
Perhaps you can submit a note back to them so that they can mark it fixed, and close it. I know that if the next developer/admin comes along to check logs and sees that flagged, they will likely contact you, too.
We run clean green on our servers. A vulnerability or exploit mark is typically grounds for removal, or we look to help fix them.
Thanks for replying so quickly!December 1, 2016 at 7:41 pm #11088
You must be logged in to reply to this topic.