WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ultimate GDPR & CCPA Compliance Toolkit < 2.5 - Unauthenticated Plugin Settings Export and Import

Description

The plugin used the is_admin() method as an authorisation check, which does not check if the user is a an administrator. This could allow unauthenticated attackers to import arbitrary plugin’s settings and redirect all traffic to an external malicious website for example.

Even though proper capability checks have been added in 2.5, it seems that the attack could still be performed via CSRF as nonces were not added.

Affects Plugins

ct-ultimate-gdpr
Fixed in version 2.5

References

URL
https://blog.nintechnet.com/critical-vulnerability-in-wordpress-ultimate-gdpr-ccpa-compliance-toolkit-plugin/

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet)

Verified

No

WPVDB ID
cd75a9a2-5d7e-428b-ad52-1afa974c35df

Timeline

Publicly Published

2021-02-05 (about 2 years ago)

Added

2021-02-05 (about 2 years ago)

Last Updated

2021-02-06 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin