Jump to content

WordPress Fraction Theme 1.1.1 Privilege Escalation

Recommended Posts

WordPress Fraction Theme 1.1.1 Previlage Escalation

[-] Theme Link:


[-] Affected Version:

Version: 1.1.1

[-] Vulnerability Description:

This vulnerability allows an attacker to escalate privileges on the site
and have an admin account which may lead to a full site takeover
the vulnerability is in /fraction-theme/functions/ajax.php there is this
function called "ot_save_options":

function ot_save_options() {
$fields = $_REQUEST;
foreach($fields as $key => $field) {
if($key!="action") {

passing user input into the update_option function allows an attacker to
update options like users_can_register,default_role.... etc
this can be accessed via ajax by users and non-users:

add_action('wp_ajax_nopriv_ot_save_options', 'ot_save_options');
add_action('wp_ajax_ot_save_options', 'ot_save_options');

[-] Proof of Concept:

this will enable user registration

[-] Timeline:
09 March - Vendor Notified
09 March - Vendor Replied
10 March - Fix Released
10 March - Public Disclosure

[-] References:


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...