WordPress Plugin Vulnerabilities

WP Import Export Lite < 3.9.5 - Subscriber+ Extensions Update

Description

The plugin does not have any CSRF and authorisation checks done in wpie_ext_save_extensions AJAX action. This could allow any authenticated user such as subscriber, or an unauthenticated attacker via a CSRF to set the extensions to be used by the plugin, as well as disable all of them

Proof of Concept

Affects Plugins

Plugin icon
wp-import-export-lite
Fixed in 3.9.5

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
b5a8a4d1-61d9-46dd-8f52-321758172788

Timeline

Publicly Published
2021-09-20 (about 4 years ago)
Added
2021-09-20 (about 4 years ago)
Last Updated
2021-09-20 (about 4 years ago)

Other

Published
Title
Published
2022-02-02
Title
Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI
Published
2024-09-25
Title
Jupiter X Core < 4.7.8 - Limited Unauthenticated Authentication Bypass to Account Takeover
Published
2020-12-17
Title
ListingPro < 2.6.1 - Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation
Published
2023-10-16
Title
Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion
Published
2025-02-19
Title
Prime Addons for Elementor < 2.0.2 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode