WordPress Plugin Vulnerabilities

WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS

Description

The plugin does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.

v3.8.15 partially fixed the issue as the wrong capability check was used

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?wpvr_version=8.2.8&action=rest_nonce

Affects Plugins

Fixed in 8.3.15

References

Classification

Type
ACCESS CONTROLS
CWE

Miscellaneous

Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
Submitter twitter
Verified
Yes

Timeline

Publicly Published
2023-12-14 (about 5 months ago)
Added
2023-12-14 (about 5 months ago)
Last Updated
2023-12-14 (about 5 months ago)

Other