WordPress Plugin Vulnerabilities
ImageMagick-Engine < 1.7.6 - Command Injection via CSRF
Description
The plugin is missing CSRF checks in multiple actions, which could allow attackers to make a logged in admin perform unwanted actions. In this case, it could lead to RCE via Command Injection
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?action=ime_test_im_path&cli_path=payload
Affects Plugins
References
Classification
Type
COMMAND INJECTION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
ABDO10
Verified
No
WPVDB ID
Timeline
Publicly Published
2022-10-18 (about 1 years ago)
Added
2022-10-19 (about 1 years ago)
Last Updated
2022-10-27 (about 1 years ago)