WordPress Plugin Vulnerabilities

Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation

Description

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.

Even with the maximum restrictions for a temporary administrator account, several attack vectors are possible against the targeted website, the simplest and fastest is raising system privileges to the administrator level (w/o restrictions) and taking full control of the attacked website.

Proof of Concept

Affects Plugins

Plugin icon
controlled-admin-access
Fixed in 1.5.2

References

CVE
CVE-2021-24215
URL
https://m0ze.ru/vulnerability/[2021-03-18]-[WordPress]-[CWE-284]-Controlled-Admin-Access-WordPress-Plugin-v1.4.0.txt
YouTube Video

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
8.8 (high)

Miscellaneous

Original Researcher
m0ze
Submitter
m0ze
Submitter website
https://m0ze.ru
Submitter twitter
vladm0ze
Verified
Yes
WPVDB ID
eec0f29f-a985-4285-8eed-d1855d204a20

Timeline

Publicly Published
2021-03-23 (about 4 years ago)
Added
2021-03-23 (about 4 years ago)
Last Updated
2021-03-30 (about 4 years ago)

Other

Published
Title
Published
2024-02-21
Title
Maintenance Page < 1.0.9 - Missing Authorization to Sensitive Information Exposure
Published
2021-08-30
Title
Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update
Published
2021-11-15
Title
Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access
Published
2022-01-19
Title
WP HTML Mail < 3.1 - Unprotected REST-API Endpoint
Published
2023-10-24
Title
Draw Attention < 2.0.16 - Improper Access Control via register_cpt