CVE-2019-6703
Published 2019-01-27
Priority: P1 · 84 · critical · CVSS 3.0: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 26.08% (97.7th percentile)
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calmar-webmedia | total_donations | <= 2.0.5 | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated POST requests to /wp-admin/admin-ajax.php containing the 'miglaA_update_me' action parameter, which indicates exploitation of the Total Donations plugin arbitrary options update vulnerability.
- Fingerprint vulnerable installations by probing /wp-content/plugins/total-donations/readme.txt and extracting the 'Stable tag' version; versions below 2.0.6 are vulnerable.
- Use FOFA/Shodan body-search query body="/wp-content/plugins/total-donations/" to identify internet-exposed WordPress sites running the vulnerable Total Donations plugin.
- Monitor WordPress option changes for 'users_can_register' being set to enabled and 'default_role' being set to 'administrator', which are the post-exploitation indicators of this attack.
- The vulnerability affects Total Donations plugin versions through 2.0.5 only; version 2.0.6 and above are not affected. Version-check logic should use a strict less-than comparison against 2.0.6.
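The detection logic described in the bullets above, written out as an added example (not code from this page, the plugin vendor, or any of the indexed sources). It flags unauthenticated POSTs to admin-ajax.php carrying the miglaA_update_me action, flags the two post-exploitation option changes, and applies the strict less-than version check against 2.0.6. The request and option-change records are a constructed, simplified dict format; in practice they would be fed from a WAF, an access log that captures request bodies, or a WordPress audit-log hook, all of which are assumptions here.

```python
"""Detection helpers for CVE-2019-6703 (Total Donations arbitrary options update).

Added example: models the page's detection bullets on constructed sample data.
Record formats (dicts) are an assumption, not a real log or WAF schema.
"""
import re
from urllib.parse import parse_qs

FIXED_VERSION = "2.0.6"                  # first non-vulnerable release per the page
TARGET_PATH = "/wp-admin/admin-ajax.php"
EXPLOIT_ACTION = "miglaA_update_me"      # action parameter named in the advisory


def parse_version(tag):
    """Turn a 'Stable tag' string such as '2.0.5' into a comparable int tuple.
    Non-numeric fragments (e.g. '2.0.5-beta') are reduced to their leading digits."""
    parts = []
    for piece in tag.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable_version(stable_tag):
    """Strict less-than against 2.0.6: '2.0.5' is vulnerable, '2.0.6' is not."""
    return parse_version(stable_tag) < parse_version(FIXED_VERSION)


def flag_request(req):
    """Return an alert reason for an unauthenticated POST to admin-ajax.php whose
    'action' (in query string or body) is miglaA_update_me, else None."""
    if req["method"] != "POST" or req["path"] != TARGET_PATH:
        return None
    params = {}
    params.update(parse_qs(req.get("query", "")))
    params.update(parse_qs(req.get("body", "")))
    if params.get("action", [""])[0] != EXPLOIT_ACTION:
        return None
    if req.get("authenticated"):
        return None  # logged-in admin use of the plugin's own AJAX handler
    return f"unauthenticated {EXPLOIT_ACTION} call to {TARGET_PATH}"


def flag_option_change(change):
    """Return an alert reason for the two post-exploitation option changes
    named on the page, else None."""
    name, value = change["option"], str(change["value"]).strip().lower()
    if name == "users_can_register" and value in ("1", "true", "on", "yes"):
        return "users_can_register enabled"
    if name == "default_role" and value == "administrator":
        return "default_role set to administrator"
    return None


def scan(requests, changes):
    """Run both detections; return a list of (source, reason) alerts."""
    alerts = []
    for r in requests:
        reason = flag_request(r)
        if reason:
            alerts.append((r["src"], reason))
    for c in changes:
        reason = flag_option_change(c)
        if reason:
            alerts.append((c["src"], reason))
    return alerts


# Constructed sample data (RFC 5737 documentation addresses, not real traffic).
SAMPLE_REQUESTS = [
    {"src": "203.0.113.5", "method": "POST", "path": TARGET_PATH,
     "query": "", "body": "action=miglaA_update_me", "authenticated": False},
    {"src": "198.51.100.7", "method": "POST", "path": TARGET_PATH,
     "query": "", "body": "action=heartbeat", "authenticated": False},
    {"src": "192.0.2.9", "method": "GET", "path": TARGET_PATH,
     "query": "action=miglaA_update_me", "body": "", "authenticated": False},
    {"src": "10.0.0.3", "method": "POST", "path": TARGET_PATH,
     "query": "action=miglaA_update_me", "body": "", "authenticated": True},
]
SAMPLE_OPTION_CHANGES = [
    {"src": "audit-log", "option": "users_can_register", "value": "1"},
    {"src": "audit-log", "option": "default_role", "value": "administrator"},
    {"src": "audit-log", "option": "blogname", "value": "Example Site"},
]

if __name__ == "__main__":
    for src, reason in scan(SAMPLE_REQUESTS, SAMPLE_OPTION_CHANGES):
        print(f"ALERT {src}: {reason}")
    print("readme Stable tag 2.0.5 vulnerable:", is_vulnerable_version("2.0.5"))
```

The request check deliberately ignores GET requests and authenticated callers, matching the page's wording; the option-change check is independent of how the option was set, so it also catches the outcome when the request itself was not logged.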
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
GHSA
GHSA-47jw-726h-2367: Incorrect access control in migla_ajax_functions
ghsa_unreviewed · 2022-05-13
VulnCheck
Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress migla_ajax_functions.php Security Bypass
vulncheck · 2019 · CVSS 9.8
Affected: calmar-webmedia total_donations
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
No detection rules found.
Nuclei
Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update
nuclei · CVSS 9.8
Template (truncated as indexed):
```yaml
id: CVE-2019-6703
info:
  name: Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update
  author: DhiyaneshDK
  severity: critical
  description: |
    Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia T
```
No writeups or analysis indexed.
References
- https://wpvulndb.com/vulnerabilities/9208
- https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/