ET WEB_CLIENT Attempted WordPress GDPR Plugin Privilege Escalation M2 (Set as Administrator)

SID: 2026606Rev: 20 views
History
Sourceet/open
CreatedNovember 13, 2018
UpdatedAugust 27, 2020
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_CLIENT Attempted WordPress GDPR Plugin Privilege Escalation M2 (Set as Administrator)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/admin-ajax.php"; http.request_body; content:"action=wpgdprc_"; fast_pattern; content:"default_role|22|,|22|value|22 3a 22|administrator"; distance:0; reference:url,www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/; classtype:attempted-admin; sid:2026606; rev:2; metadata:affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2018_11_13, deployment Perimeter, performance_impact Low, signature_severity Major, tag PrivilegeEsc, updated_at 2020_08_27;)

References

urlwww.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/

Metadata

affected productWordpress_Plugins
attack targetWeb_Server
created at2018_11_13
deploymentPerimeter
performance impactLow
signature severityMajor
tagPrivilegeEsc
updated at2020_08_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!