CVE-2023-37999
Published 2024-05-17. CVE-2023-37999: Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation. This issue affects HT Mega: from n/a through 2.2.0.
Priority: P183 · Severity: critical · Score: 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In-the-wild exploitation: listed in VulnCheck KEV (exploited in the wild)
EPSS: 3.04% (85.9th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hasthemes | ht_mega | < 2.2.1 | 2.2.1 |
| hasthemes | ht_mega | n/a – 2.2.0 | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated POST requests to the htmega_ajax_register AJAX action with reg_role=administrator in the body, indicating privilege escalation exploitation attempts.
- A successful exploitation response contains the string 'Successfully Register' with HTTP 200, followed by a successful login to /wp-login.php yielding a 302 redirect with 'wordpress_logged_in' and '/wp-admin' in the Set-Cookie/Location headers.
- Monitor for the presence of the reg_role parameter set to 'administrator' in POST bodies sent to admin-ajax.php, as the vulnerability stems from missing validation of this parameter in htmega_ajax_register.
- Scan for WordPress sites with the HT Mega plugin installed by fingerprinting the path /wp-content/plugins/ht-mega-for-elementor.
- The vulnerability affects HT Mega plugin versions up to and including 2.2.0 only; patched versions are not vulnerable.
- The attack requires no authentication (unauthenticated), meaning no session cookie or nonce is needed, making it exploitable by any remote attacker against exposed WordPress instances.
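The detection items above describe the request shape (POST to admin-ajax.php, action=htmega_ajax_register, reg_role=administrator) and the success marker ('Successfully Register' with HTTP 200). The following is an added example, not code from the page or from HasThemes, that turns those indicators into a classifier over parsed request records and adds a version check against the 2.2.1 fix. The record field names (method, path, body, status, response_body) and the sample log entries are constructed assumptions; adapt the field mapping to whatever your WAF or reverse proxy actually logs.

```python
"""Flag HT Mega htmega_ajax_register privilege-escalation attempts in request logs.

Added example (assumed record layout); not the plugin's or the page's own code.
"""
from urllib.parse import parse_qs, urlsplit

AJAX_ACTION = "htmega_ajax_register"   # AJAX action named in the advisory
SUSPECT_ROLE = "administrator"         # reg_role value named in the advisory
SUCCESS_MARKER = "Successfully Register"
FIXED_VERSION = (2, 2, 1)              # first patched release per the "Fixed in" column


def parse_version(version):
    """'2.2.0' -> (2, 2, 0); stops at the first non-numeric component."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_vulnerable_version(version):
    """True for HT Mega versions up to and including 2.2.0 (anything below 2.2.1)."""
    return parse_version(version) < FIXED_VERSION


def classify_request(rec):
    """Return None (benign), 'attempt', or 'success' for one request record.

    rec is a dict with assumed keys: method, path, body, status, response_body.
    """
    if rec.get("method", "").upper() != "POST":
        return None
    url = urlsplit(rec.get("path", ""))
    if not url.path.endswith("/admin-ajax.php"):
        return None
    form = parse_qs(rec.get("body", ""))
    query = parse_qs(url.query)
    # WordPress accepts the AJAX action in either the form body or the query string.
    action = (form.get("action") or query.get("action") or [""])[0]
    if action != AJAX_ACTION:
        return None
    role = (form.get("reg_role") or [""])[0].strip().lower()
    if role != SUSPECT_ROLE:
        return None
    # A 200 carrying the registration success string means an admin account was created.
    if rec.get("status") == 200 and SUCCESS_MARKER in rec.get("response_body", ""):
        return "success"
    return "attempt"


def flag_records(records):
    """Return (index, verdict) pairs for every record that matches the indicators."""
    findings = []
    for i, rec in enumerate(records):
        verdict = classify_request(rec)
        if verdict:
            findings.append((i, verdict))
    return findings


# Constructed sample records (not real traffic).
SAMPLE_LOG = [
    {"method": "GET", "path": "/wp-login.php", "body": "", "status": 200, "response_body": ""},
    {"method": "POST", "path": "/wp-admin/admin-ajax.php",
     "body": "action=htmega_ajax_register&reg_name=x&reg_email=x%40example.invalid&reg_role=administrator",
     "status": 403, "response_body": ""},                       # blocked by a WAF: still an attempt
    {"method": "POST", "path": "/wp-admin/admin-ajax.php?action=htmega_ajax_register",
     "body": "reg_name=y&reg_email=y%40example.invalid&reg_role=administrator",
     "status": 200, "response_body": "Successfully Register"},  # account creation succeeded
    {"method": "POST", "path": "/wp-admin/admin-ajax.php",
     "body": "action=htmega_ajax_register&reg_name=z&reg_role=subscriber",
     "status": 200, "response_body": "Successfully Register"},  # ordinary registration flow
    {"method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=heartbeat",
     "status": 200, "response_body": ""},
]

if __name__ == "__main__":
    for index, verdict in flag_records(SAMPLE_LOG):
        print(f"record {index}: {verdict}")
    print("2.2.0 vulnerable:", is_vulnerable_version("2.2.0"))
```

A 'success' verdict should be escalated as a confirmed compromise (a new administrator exists), while 'attempt' is useful for correlating scanner activity against hosts that is_vulnerable_version still reports as exposed.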
CVSS provenance
- NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-x43h-289c-p8r5: Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation
ghsa_unreviewed · 2024-05-17 · CRITICAL · CWE-269
VulnCheck
HasThemes HT Mega Privilege Escalation
vulncheck · 2023 · CVSS 9.8 · CRITICAL
Affected: HasThemes HT Mega
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-2-0-unauthenticated-privilege-escalation-vulnerability
No detection rules found.
Nuclei
HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation
nuclei · CVSS 9.8 · CRITICAL
The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the reg_role parameter on the htmega_ajax_register function. This makes it possible for unauthenticated attackers to create administrator accounts.
Template:

```yaml
id: CVE-2023-37999

info:
  name: HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation
  author: daffainfo
  severity: critical
  description: |
    The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the reg_role parameter on the htmega_ajax_register function.
```
No writeups or analysis indexed.
References: https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-2-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve