This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Unauthenticated sensitive information disclosure. **Consequences**: Attackers can steal site secrets without logging in. …
**CWE**: CWE-200 (Information Exposure). **Flaw**: The `includes` function in `redux-core/class-redux-core.php` registers AJAX actions whose names are predictable. …
**Threshold**: LOW. **Auth**: No authentication needed. **Config**: Exploitation is easy because the AJAX action names are deterministic (MD5-hash based) and predictable using known salts.
Q6. Is there a public exploit? (PoC/Wild Exploitation)
**Exploit**: YES. Multiple Python PoCs are available on GitHub (e.g., `orangmuda`, `phrantom`, `c0ff33b34n`). **Wild Exploitation**: High risk due to simplicity and widespread installation. …
**Check**: Scan for the specific AJAX endpoints generated by the MD5 hash logic. **Features**: Look for `admin-ajax.php` calls with predictable parameters derived from the site URL + `-redux` salt. …
**Workaround**: If patching is delayed, restrict access to `admin-ajax.php` via WAF rules. **Block**: Block requests containing the specific predictable AJAX action names derived from the site URL hash. …
**Priority**: HIGH. **Urgency**: Critical due to 1M+ affected sites and the zero-auth requirement. **Action**: Patch immediately to prevent reconnaissance by attackers. Don't wait!