This is a summary of the AI-generated 10-question deep analysis.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: Critical flaw in ListingPro Theme (< v2.6.1). **Consequences**: Unauthenticated attackers can install, activate, or deactivate ANY WordPress plugin. Total server compromise risk!
Q2: Root Cause? (CWE/Flaw)
**Root Cause**: Missing capability check (CWE-862). **Flaw**: The `lp_cc_addons_actions` function lacks proper authorization validation. No permission gate!
**Hackers Can**: Install malicious plugins. Activate them for immediate execution. Deactivate security plugins. **Data**: Full read/write access via plugin code execution!
Q5: Is exploitation threshold high? (Auth/Config)
**Threshold**: VERY LOW. **Auth**: None required (Unauthenticated). **Config**: Default settings vulnerable. Anyone can exploit it!
Q6: Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: YES. **PoC**: Available via Nuclei templates (ProjectDiscovery). **Wild Exploitation**: High risk due to ease of use.
Q7: How to self-check? (Features/Scanning)
**Self-Check**: Scan for ListingPro theme version. **Tool**: Use Nuclei template `CVE-2020-36719.yaml`. **Feature**: Check if `lp_cc_addons_actions` is exposed without auth.
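A local inventory check for the "scan for ListingPro theme version" step above, run on the server's own filesystem. This is an added example, not code from the page, the theme, or the Nuclei project; the 2.6.1 threshold is the one the page gives, while the `listingpro` directory slug and the "ListingPro" theme name are assumptions.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 6, 1)        # the page states versions below 2.6.1 are affected
SLUG = "listingpro"      # assumption: theme directory name / Template value

# WordPress theme metadata lives in "Key: value" lines at the top of style.css.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Theme Name|Version|Template):[ \t]*(.+?)\s*$", re.I | re.M)

def parse_header(css_text):
    """Return lower-cased header fields; WordPress only reads the first 8 KiB."""
    fields = {}
    for key, value in HEADER_RE.findall(css_text[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(text):
    """'2.5.14-beta' -> (2, 5, 14); returns None when no digits are present."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums))) if nums else None

def assess(css_text, dir_name=""):
    """Return not-listingpro, child-theme, unknown, vulnerable or patched."""
    h = parse_header(css_text)
    if h.get("template", "").lower() == SLUG:
        return "child-theme"   # the parent theme's own style.css decides
    name = h.get("theme name", "").lower().replace(" ", "")
    if SLUG not in name and dir_name.lower() != SLUG:
        return "not-listingpro"
    ver = version_tuple(h.get("version", ""))
    if ver is None:
        return "unknown"       # header stripped or edited: inspect manually
    return "vulnerable" if ver < FIXED else "patched"

def scan(wp_root):
    """Return [(theme_dir, verdict)] for ListingPro-related themes under wp_root."""
    hits = []
    for css in sorted(Path(wp_root).glob("wp-content/themes/*/style.css")):
        verdict = assess(css.read_text(errors="replace"), css.parent.name)
        if verdict != "not-listingpro":
            hits.append((css.parent.name, verdict))
    return hits

# Constructed sample header (not taken from the real theme), used when no path is given.
SAMPLE = "/*\nTheme Name: ListingPro\nVersion: 2.5.9\n*/\n"

if __name__ == "__main__":
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else [("sample", assess(SAMPLE))]
    for theme, verdict in results:
        print(f"{theme}: {verdict}")
```

Pass the WordPress root directory as the only argument. A `child-theme` or `unknown` verdict means the parent theme's version still has to be confirmed by hand.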