Form Lightbox - Arbitrary Option Update Leading to Admin Account

Sign up to our free email alerts service for instant vulnerability notifications!

Description 
This is a plugin that is no longer in the WordPress repository, however, is still in use on some sites. With this vulnerability an attacker can update any option in the WordPress database. This includes gaining an admin access.
Proof of Concept 
Using the file ajax.php that contains the following line: update_option( $_POST['update'], $_POST['value']); an attacker can change the admin email option and ask for a lost password and create an admin account.

Affects Plugin

form-lightbox

References

URL https://github.com/mart123p/wordpress-form-lightbox/commit/86419ffb5d847b47386049145fe0cbd4b0e93b23
URL http://www.myphpmaster.com/form-lightbox/

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter Martin Pouliot
Views 430
Verified No
WPVDB ID 8557

Timeline

Publicly Published 2016-07-19 (almost 2 years ago)
Added 2016-07-19 (almost 2 years ago)
Last Updated 2016-07-19 (almost 2 years ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.