WordPress Networker theme <= 1.1.9 - Improper Access Control Allowing Unauthenticated Modification of Display location of any menu
Exploit Title | WordPress Networker theme <= 1.1.9 - Improper Access Control Allowing Unauthenticated Modification of Display location of any menu |
Exploit Author | Muhammad Zeeshan (Xib3rR4dAr) |
Date | January 26, 2024 |
Theme Link | https://themeforest.net/item/networker-tech-news-wordpress-theme-with-dark-mode/28749988 |
Version | 1.1.9 (latest version at time of vulnerability discovery) |
Tested on | Wordpress 6.4.3 |
Vulnerable Endpoint | /wp-admin/admin-ajax.php?action=csco_reload_menu |
Vulnerable File | networker/inc/mega-menu.php#L86 |
CVE | Not assigned yet |
Remove following from line 86 of wp-content/themes/networker/inc/mega-menu.php
so that action is not accessible without authentication.
add_action( 'wp_ajax_nopriv_csco_reload_menu', array( $this, 'admin_reload_nav_menu' ) );