SB2019012801 - Privilege escalation in Total Donations plugin for WordPress

Published: January 28, 2019

Security Bulletin ID: SB2019012801
Severity: High
Patch available: No
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 100% (1 of 1)

Description

This security bulletin contains information about 1 security vulnerability.


1) Privilege escalation (CVE-ID: CVE-2019-6703)

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to missing authorization in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin: the miglaA_update_me AJAX action is reachable through wp-admin/admin-ajax.php without authentication and writes request-controlled values into WordPress options. A remote, unauthenticated attacker can call this action to change arbitrary options and gain administrative access to affected WordPress sites.

Successful exploitation of the vulnerability may result in site takeover. Because a WordPress administrator can install plugins and edit theme files, administrative access is equivalent to remote code execution on the site, which is why the highest impact is listed as code execution.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.
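With no vendor fix available, what a practitioner can do is deactivate or remove the plugin (a deactivated plugin registers no AJAX handlers), review administrator accounts and recently changed options, and look for exploitation attempts. The script below is an added example, not code from the bulletin or from the plugin: it identifies requests that invoke the miglaA_update_me action, both in Apache/nginx combined-format access logs and at a request-inspection point (WAF, reverse proxy, mod_security-style hook) that can see the POST body. The log lines are constructed, and the extra parameter names in them (opt, val) are placeholders, since the bulletin does not name the action's own parameters; detection keys only on the action name. One caveat the code makes explicit: admin-ajax.php reads action from $_REQUEST, so an attacker can send it in the POST body, which ordinary access logs do not record; log hunting therefore finds only the query-string form.

```python
"""Added example: detect calls to the vulnerable Total Donations AJAX action.

Not part of the bulletin or the plugin. Sample log lines are constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

VULN_ACTION = "miglaA_update_me"          # AJAX action named in the bulletin
AJAX_SUFFIX = "wp-admin/admin-ajax.php"   # suffix so subdirectory installs match

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) '
)


def requested_action(target, body=""):
    """Return the WordPress 'action' parameter for a request to admin-ajax.php.

    admin-ajax.php takes 'action' from $_REQUEST, so it may arrive in the
    query string or in a URL-encoded POST body; both are checked.  Returns
    None if the request is not for admin-ajax.php or carries no action.
    """
    parts = urlsplit(target)
    if not parts.path.endswith(AJAX_SUFFIX):
        return None
    params = parse_qs(parts.query)
    params.update(parse_qs(body))  # body parameters take precedence, as in PHP
    action = params.get("action")
    return action[0] if action else None


def is_exploit_attempt(target, body=""):
    """True when the request invokes the vulnerable action (WAF-style check)."""
    return requested_action(target, body) == VULN_ACTION


def hunt_access_log(lines):
    """Scan combined-format log lines for the query-string form of the attack.

    Access logs carry only the request line, so an action sent in a POST
    body is invisible here; use is_exploit_attempt() where the body is
    available.  The recorded status does not prove whether the option
    update succeeded.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_exploit_attempt(m["target"]):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "method": m["method"],
                "status": int(m["status"]),
            })
    return hits


# Constructed sample log; 'opt'/'val' are placeholder parameter names.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Jan/2019:10:15:32 +0000] "GET /wp-admin/admin-ajax.php?action=miglaA_update_me&opt=x&val=y HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [28/Jan/2019:10:16:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "-" "curl/7.58.0"',
    '192.0.2.9 - - [28/Jan/2019:10:17:45 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [28/Jan/2019:10:18:02 +0000] "GET /blog/wp-admin/admin-ajax.php?action=miglaA_update_me HTTP/1.1" 500 12 "-" "python-requests/2.21.0"',
]


if __name__ == "__main__":
    for hit in hunt_access_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} status={hit["status"]} action={VULN_ACTION}')
    # The second sample line is a POST whose body is not logged; only an
    # inline check with the body can classify it:
    print("POST with body flagged:",
          is_exploit_attempt("/wp-admin/admin-ajax.php", "action=miglaA_update_me&opt=x"))
```

Run it against a real access log by feeding the file's lines to hunt_access_log(); any hit is worth treating as an attempted compromise, and a hit followed by a new administrator account or a changed site option is a confirmed one. For blocking rather than hunting, call is_exploit_attempt() from whatever sees the decoded request body, since that is where the action is most likely to travel.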