WordPress Plugin Vulnerabilities

TrustMate.io integration for WooCommerce < 1.8.12 - Subscriber+ Arbitrary Plugin's Settings Update

Description

The plugin does not have any CSRF and authorisation checks in the save_checkbox AJAX action, available to any authenticated users, allowing any authenticated user, such as subscriber to update arbitrary settings from the plugin. Due to the lack of escaping, it could lead to Stored Cross-Site Scripting issues

Proof of Concept

Affects Plugins

Plugin icon
trustmate-io-integration-for-woocommerce
Fixed in 1.8.12

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
7.6 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
26991be6-2846-4b2c-add4-728f9f06844a

Timeline

Publicly Published
2022-01-03 (about 4 years ago)
Added
2022-01-03 (about 4 years ago)
Last Updated
2022-01-03 (about 4 years ago)

Other

Published
Title
Published
2021-10-18
Title
QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update
Published
2021-10-26
Title
HashThemes Demo Importer < 1.1.2 - Improper Access Control to Blog Reset
Published
2024-05-21
Title
UserPro < 5.1.9 - Unauthenticated Account Takeover to Privilege Escalation
Published
2022-07-26
Title
WPGraphQL WooCommerce < 0.12.4 - Unauthenticated Coupon Codes Disclosure
Published
2024-01-23
Title
illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion