CVE-2014-9013

EPSS 47.9%

The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.

Affected products

n/a · n/a

public PoCs found — 3

cve_referencewww.exploit-db.com/exploits/36490/unverified exploitdbwww.exploit-db.com/exploits/36466unverified exploitdbwww.exploit-db.com/exploits/36490unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/36490/