CVE-2014-9013

HIGH

WP Marketplace <2.4.0 - Privilege Escalation

Title source: llm

Description

The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.

Exploits (2)

exploitdb WORKING POC

by Claudio Viviani · pythonwebappsphp

https://www.exploit-db.com/exploits/36490

View Code ZIP pw:eip

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/36466

View Code ZIP pw:eip

References (1)

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/36490/

Scores

CVSS v3 8.8

EPSS 0.1774

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

wpmarketplace_project/wpmarketplace 2.4.0

Published Nov 06, 2019

Tracked Since Feb 18, 2026