WordPress Plugin Vulnerabilities

WP Import Export Lite < 3.9.5 - Subscriber+ Arbitrary Blog Options Update

Description

The plugin does not have any CSRF and authorisation checks done in the wpie_ext_save_extension_data AJAX action, nor do perform any validation on the option to be updated. As a result, any authenticated user such as subscriber, or an unauthenticated attacker via a CSRF could update any of the blog options (set to the serialized POST data) which could make the blog and its plugins unusable.

Proof of Concept

Affects Plugins

Plugin icon
wp-import-export-lite
Fixed in 3.9.5

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
8.1 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
28b06084-67a0-466d-8030-5feddbafdfe2

Timeline

Publicly Published
2021-09-20 (about 4 years ago)
Added
2021-09-20 (about 4 years ago)
Last Updated
2021-09-20 (about 4 years ago)

Other

Published
Title
Published
2021-10-05
Title
Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal
Published
2024-03-25
Title
WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
Published
2021-10-26
Title
HashThemes Demo Importer < 1.1.2 - Improper Access Control to Blog Reset
Published
2023-07-17
Title
Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending
Published
2021-12-29
Title
Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion