Proof of Concept for CVE-2021-38314 (Redux Framework)
In order to understand this bug I first read through the Wordfence blog post and then read through through the Redux Framework source code to fill in the gaps. I also installed Wordpress with this plugin so that I didn’t have to test things blindly.
The relevant code is in inc/class.redux_instances.php. The first hook I looked at is this one:
$hash = md5( trailingslashit( network_site_url() ) . '-redux' ); add_action( 'wp_ajax_nopriv_' .
2021-10-04