CVE-2021-47932— WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated

WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated

WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcp_register_and_login_ajax action with tcp_role set to administrator to gain full administrative access without authentication.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

授权机制缺失

WordPress plugin TheCartPress 安全漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin TheCartPress 1.5.3.6版本存在安全漏洞，该漏洞源于未经身份验证的权限提升漏洞，允许攻击者通过向AJAX处理程序提交特制请求创建管理员账户，攻击者可以向tcp_register_and_login_a

N/A

N/A