Incorrect Access Control in Swape Theme for WordPress Allows Unauthorized Administrator Account Creation via xmlPath

CVE-2018-21013 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.