Vulnerabilities > CVE-2019-6703 - Unspecified vulnerability in Calmar-Webmedia Total Donations

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

calmar-webmedia

NVD

Published: 2019-01-27

Updated: 2020-08-24

Summary

Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.

Vulnerable Configurations

Part	Description	Count
Application	Calmar-Webmedia Calmar Webmedia Total Donations *	1

References

https://wpvulndb.com/vulnerabilities/9208
https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/