Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2022-4939 PoC — WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation

Source
https://github.com/BaconCriCRi/PoC-CVE-2022-4939-
Associated Vulnerability
Title:WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation (CVE-2022-4939)
Description:THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator.
Readme
# PoC-CVE-2022-4939

The attacker sends a specially crafted request to the wp_ajax_nopriv_wcfm_ajax_controller AJAX action to modify the membership registration form and set the registration role to that of an administrator. Then, the plugin processes the request and modifies the membership registration form to allow users to register with the role of an administrator. 
The attacker can register as a new user with the administrator role by submitting the modified membership registration form.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →