HTTP: WordPress Total Donations Plugin Remote Code Execution

This signature detects attempts to exploit a known vulnerability in the Total Donations plugin for WordPress. A successful attack can lead to arbitrary code execution.

Extended Description

Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.

Affected Products

Calmar-webmedia total_donations

References

CVE: CVE-2019-6703

Short Name
HTTP:PHP:WP-TOTAL-PLUGIN-RCE
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2019-6703 Code Donations Execution Plugin Remote Total WordPress
Release Date
06/16/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Calmar-webmedia

CVSS Score

7.5
