Unauthorized Access to Arbitrary Shortcodes via wp_ajax_nopriv_shortcode_Api_Add AJAX Action
CVE-2024-9061

9.8CRITICAL

Key Information:

Vendor
Wordpress
Status
WP Popup Builder
Vendor
CVE Published:
16 October 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

The WP Popup Builder plugin for WordPress is susceptible to arbitrary shortcode execution due to insufficient validation in the wp_ajax_nopriv_shortcode_Api_Add AJAX action. This vulnerability affects all versions prior to 1.3.6, allowing unauthenticated attackers to run arbitrary shortcodes, compromising site integrity and security. Although version 1.3.5 implemented a nonce check, which offered partial mitigation, only version 1.3.6 incorporates the necessary authorization checks to fully secure the function.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-9061
Created by RandomRobbieBF

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset/3166506/wp-p...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

.