Skip to content

[Bug] Pro Features Lock Bypass #973

New issue
New issue
Closed
#975
#974
Closed
[Bug] Pro Features Lock Bypass#973
#975
#974
Assignees
girishpanchal30
Labels
bugThis label could be used to identify issues that are caused by a defect in the product.releasedIndicate that an issue has been resolved and released in a particular version of the product.
@0xshdax

Description

@0xshdax
0xshdax
opened on Jan 11, 2023

Description:

The plugin does not properly lock its Pro features which could allow low users such as contribute to bypass the restriction and use them.

How to reproduce:

  1. Log-In user contribute+
  2. Add a new Library (Visualizer > Add New)
  3. Choose a library (Example: Line)
  4. When the next click there is a request like the image below.

image

  1. Change the value in the parameter type to bubble

nonce=65c812e22e&type=bubble&chart-library=GoogleCharts

  1. If the value has been changed as above, then create a chart.

image

Example a post with a shortcode

image

image

Reference:

https://wpscan.com/vulnerability/60eb1d98-8bf9-495c-bac8-fe46cd9f97df

Technical info

  • WordPress version: 6.1.1
  • Plugin version: 3.9.3

Metadata

Metadata

Assignees

Labels

bugThis label could be used to identify issues that are caused by a defect in the product.releasedIndicate that an issue has been resolved and released in a particular version of the product.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions