WP Content Copy Protection & No Right Click < 3.1.5 - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

N/A

授权机制不恰当

WordPress plugin WP Maintenance Mode & Site Under Construction 安全漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WP Maintenance Mode & Site Under Construction 1.8.2之前版本存在安全漏洞，该漏洞允许低权限用户从WordPress库中安装任何插件(包括一个特定版本)，以及激活任意插件。

N/A

N/A