WordPress Plugin Vulnerabilities

Syncee - Global Dropshipping < 1.0.10 - Authentication Token Disclosure

Description

The plugin leaks the administrator token that can be used to take over the administrator's account.

Proof of Concept

The plugin sends a GET request to "/wp-json/syncee/retailer/v1/getDataForFrontend" endpoint to get access token of the administrator. An attacker can use this access token to takeover the administrator's Syncee account via adding new team member.

Affects Plugins

syncee-global-dropshipping

Fixed in version 1.0.10

References

CVE

CVE-2022-3694

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

Miscellaneous

Original Researcher

5h4m4n53c

Submitter

5h4m4n53c

Verified

Yes

WPVDB ID

ad12bab7-9baf-4646-a93a-0d3286407c1e

Timeline

Publicly Published

2022-11-28 (about 4 months ago)

Added

2022-11-14 (about 4 months ago)

Last Updated

2022-11-14 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin