automatic module_metadata_base.json update

2018-11-29 11:43:11 -08:00 · 2018-11-29 11:43:11 -08:00 · 0f1923fc9a
parent 88ca775fd3
commit 0f1923fc9a
1 changed files with 50 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -3913,6 +3913,56 @@
    "notes": {
    }
  },
+  "auxiliary_admin/http/wp_gdpr_compliance_privesc": {
+    "name": "WordPress WP GDPR Compliance Plugin Privilege Escalation",
+    "full_name": "auxiliary/admin/http/wp_gdpr_compliance_privesc",
+    "rank": 300,
+    "disclosure_date": "2018-11-08",
+    "type": "auxiliary",
+    "author": [
+      "Mikey Veenstra (WordFence)",
+      "Thomas Labadie"
+    ],
+    "description": "The Wordpress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set\n        wordpress administration options by overwriting values within the database.\n\n        The vulnerability is present in WordPress’s admin-ajax.php, which allows unauthorized\n        users to trigger handlers and make configuration changes because of a failure to do\n        capability checks when executing the 'save_setting' internal action.\n\n        WARNING: The module sets Wordpress configuration options without reading their current\n        values and restoring them later.",
+    "references": [
+      "URL-https://www.wordfence.com/blog/2018/11/privilege-escalation-flaw-in-wp-gdpr-compliance-plugin-exploited-in-the-wild/",
+      "CVE-2018-19207",
+      "WPVDB-9144"
+    ],
+    "is_server": false,
+    "is_client": false,
+    "platform": "",
+    "arch": "",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": null,
+    "mod_time": "2018-11-29 06:35:37 +0000",
+    "path": "/modules/auxiliary/admin/http/wp_gdpr_compliance_privesc.rb",
+    "is_install_path": true,
+    "ref_name": "admin/http/wp_gdpr_compliance_privesc",
+    "check": true,
+    "post_auth": true,
+    "default_credential": true,
+    "notes": {
+      "SideEffects": [
+        "config-changes"
+      ]
+    }
+  },
  "auxiliary_admin/http/wp_symposium_sql_injection": {
    "name": "WordPress Symposium Plugin SQL Injection",
    "full_name": "auxiliary/admin/http/wp_symposium_sql_injection",