Hacker News
joe_hills on June 26, 2018 | on: Unpatched WordPress vulnerability allows code exec...
Some sites have plugins that allow users to create accounts with minimal permissions.
An attacker could create such an account, then abuse a legitimate nonce to delete files.
jajern on June 26, 2018
Not sure why someone would do this, but even without a plugin you can go to General Settings and set New User Default Role to Author. This would give any new accounts the ability to exploit this.
claudiulodro on June 26, 2018
Yeah, I didn't notice the video in the article with the proof-of-concept demonstrates this. Thanks.