Ultimate GDPR & CCPA Compliance Toolkit < 2.5 – Unauthenticated Plugin Settings Export and Import | CVE 2021-4348 | Plugin Vulnerabilities

Description

The plugin used the is_admin() method as an authorisation check, which does not check if the user is a an administrator. This could allow unauthenticated attackers to import arbitrary plugin’s settings and redirect all traffic to an external malicious website for example.

Even though proper capability checks have been added in 2.5, it seems that the attack could still be performed via CSRF as nonces were not added.

Affects Plugins

ct-ultimate-gdpr

Fixed in 2.5

References

CVE

URL

https://blog.nintechnet.com/critical-vulnerability-in-wordpress-ultimate-gdpr-ccpa-compliance-toolkit-plugin/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet)

Verified

No

WPVDB ID

cd75a9a2-5d7e-428b-ad52-1afa974c35df

Timeline

Publicly Published

2021-02-05 (about 5 years ago)

Added

2021-02-05 (about 5 years ago)

Last Updated

2023-06-08 (about 2 years ago)

Other

Published

Title

Published

2021-05-07

Title

Leads-5050 Visitor Insights < 1.1.0 - Unauthorised License Change

Published

2022-05-18

Title

JupiterX < 2.0.7 & JupiterX Core < 2.0.7 - Subscriber+ Arbitrary Plugin Deactivation and Settings Update

Published

2021-10-05

Title

Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal

Published

2024-01-24

Title

Views for WPForms < 3.2.3 - Missing Authorization via create_view

Published

2024-08-24

Title

PowerPack Pro for Elementor < 2.10.15 - Contributor+ Privilege Escalation