cve/CVE-2022-3879.md at f1f1f9a798d36fa0748d135c6fe5299cdbcc69fb

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-01 11:10:36 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

POC

Reference

https://wpscan.com/vulnerability/0db1762e-1401-4006-88ed-d09a4bc6585b

Github

https://github.com/1-tong/vehicle_cves
https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves

1.1 KiB Raw Blame History

CVE-2022-3879

Description

POC

Reference

Github

1.1 KiB

Raw Blame History