Simple Admin Language Change < 2.0.2 – Arbitrary User Locale Change

Description

The plugin did not have proper capability and CSRF checks in its change_user_locale AJAX action, and was also affected by an IDOR issue, allowing any authenticated user to change the locale of another user.

v2.0.1 fixed the authorisation and IDOR but still had an incorrect CSRF logic which was fixed in 2.0.2

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=change_user_locale&=&user_id=1&lang=en_US

Affects Plugins

simple-admin-language-change

Fixed in 2.0.2

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

2411d7d8-3c1f-4d0a-98cb-050a7adf04e5

Timeline

Publicly Published

2021-05-05 (about 4 years ago)

Added

2021-05-05 (about 4 years ago)

Last Updated

2021-05-05 (about 4 years ago)

Other

Published

Title

Published

2021-09-20

Title

WP Import Export Lite < 3.9.5 - Subscriber+ Arbitrary Blog Options Update

Published

2020-09-22

Title

Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content

Published

2021-12-23

Title

Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation

Published

2024-02-26

Title

Restrict User Access – Ultimate Membership & Content Protection < 2.6 - Information Exposure

Published

2021-04-20

Title

Redirection for Contact Form 7 < 2.3.4 - Unprotected AJAX Actions