Exploit for Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints (CVE-2023-32117)

Description:

The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.
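For triage, the affected range above (up to and including 1.1.99) can be checked against an installed copy of the plugin. The script below is an added example, not code from the plugin or the referenced repositories. It assumes the plugin's main PHP file carries the standard WordPress `Version:` header; the function names and the sample header are constructed for illustration.

```python
import re
import sys

LAST_AFFECTED = "1.1.99"  # last affected release per the description above

# Standard WordPress plugin header line, e.g. " * Version: 1.1.99"
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

# Constructed sample header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Integrate Google Drive
 * Version: 1.1.99
 */
"""


def parse_plugin_version(header_text):
    """Return the Version header value from a plugin's main PHP file, or None."""
    match = _VERSION_RE.search(header_text)
    return match.group(1) if match else None


def version_key(version, width=4):
    """Map '1.1.99' to (1, 1, 99, 0) so that 1.1.100 sorts after 1.1.99."""
    parts = []
    for part in version.split(".")[:width]:
        digits = re.match(r"\d+", part)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts + [0] * (width - len(parts)))


def is_affected(header_text):
    """True if version <= 1.1.99, False if newer, None if unreadable."""
    version = parse_plugin_version(header_text)
    if version is None:
        return None
    return version_key(version) <= version_key(LAST_AFFECTED)


if __name__ == "__main__":
    # Usage: python <this script> <path to the plugin's main PHP file>
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read(8192)  # WordPress reads headers from the first 8 KB
    else:
        text = SAMPLE_HEADER
    print(parse_plugin_version(text), "affected:", is_affected(text))
```

Comparing versions as integer tuples matters here: a plain string comparison would sort 1.1.100 before 1.1.99 and report a newer release as affected.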

Nuclei Template

Template file: CVE-2023-32117.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-32117.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-32117
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/integrate-google-drive/integrate-google-drive-1199-missing-authorization-via-rest-api-endpoints
https://github.com/RandomRobbieBF/CVE-2023-32117