Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress WP Marketplace 输入验证错误漏洞
Vulnerability Description
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WP Marketplace是使用在其中的一个电子商务插件。 WordPress WP Marketplace 2.4.0版本中的wpmarketplace/libs/cart.php文件的‘ajaxinit’函数存在安全漏洞。远程攻击者可通过向wpmp_pp_ajax_call发送请求利用该漏洞创建任意用户并获取管理员权限。
CVSS Information
N/A
Vulnerability Type
N/A