Feather Login Page < 1.1.2 – Missing Authorization to Non-Arbitrary User Deletion | CVE 2023-2547

Description

The plugin does not check authorization when processing the ftlpp-ext-expirable-delete-user ajax action, which could allow users with roles as low as subscriber to delete temporary users generated by the plugin, furthermore it does not protect the action against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to perform the deletion on their behalf.

Proof of Concept

GET /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-delete-user&id=7 HTTP/1.1
Cookie: [Subscriber+]

Affects Plugins

feather-login-page

Fixed in 1.1.2

References

CVE

CVE-2023-2547

URL

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/feather-login-page/feather-login-page-107-111-missing-authorization-to-non-arbitrary-user-deletion

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

WPVDB ID

5c8ae097-029c-4dd7-b33f-ca8c2fd0f526

Timeline

Publicly Published

2023-05-30 (about 2 years ago)

Added

2023-05-31 (about 2 years ago)

Last Updated

2023-07-07 (about 2 years ago)

Other

Published

Title

Published

2022-03-28

Title

Shopping Cart & eCommerce Store < 5.2.5 - Arbitrary Design Settings Update via CSRF

Published

2021-01-22

Title

Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure

Published

2023-04-25

Title

REST API TO MiniProgram <= 4.6.9 - Subscriber+ Attachment Deletion

Published

2019-07-10

Title

WP-GraphQL < 0.3.5 - Improper Access Control

Published

2021-08-30

Title

Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update