The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection
References
Link | Resource |
---|---|
https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-08T17:34:49
Updated: 2021-11-08T17:34:49
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24626
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-08T18:15:08.380
Modified: 2022-11-09T21:43:11.767
Link: CVE-2021-24626
JSON object: View
Redhat Information
No data.