Feather Login Page < 1.1.2 – Missing Authorization to Authentication Bypass and Privilege Escalation | CVE 2023-2545

Description

The plugin lacks authorization checks in the ftlpp-ext-expirable-get-users ajax action, allowing logged in users with roles as low as subscriber to access the login links for the temporary users created by the plugin, which can be used for privilege escalation.

Proof of Concept

GET /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-get-users
Cookie: [Subscriber+]

Affects Plugins

feather-login-page

Fixed in 1.1.2

References

CVE

CVE-2023-2545

URL

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/feather-login-page/feather-login-page-107-111-missing-authorization-to-authentication-bypass-and-privilege-escalation

Miscellaneous

Original Researcher

Lana Codes

Verified

WPVDB ID

2d17c440-8ac7-4bb9-b5c0-5f5fb732ba73

Timeline

Publicly Published

2023-05-30 (about 2 years ago)

Added

2023-05-31 (about 2 years ago)

Last Updated

2023-07-07 (about 2 years ago)

Other

Published

Title

Published

2014-08-01

Title

Simple History - RSS Feed "rss_secret" Disclosure Weakness

Published

2022-03-11

Title

WordPress < 5.9.2 - Prototype Pollution in jQuery

Published

2014-09-30

Title

BulletProof Security < .52.5 - Script Insertion

Published

2024-12-17

Title

WPC Shop as a Customer for WooCommerce < 1.2.9 - Authentication Bypass Due to Insufficiently Unique Key

Published

2013-06-21

Title

WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation