Products
WordPress REST API TO MiniProgram plugin
- 4.7.1 and earlier
Source
security@wordfence.com
Tags
CVE-2024-8485 details
Last Modified : Sept. 25, 2024, 3:15 a.m.
Description
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it possible for unauthenticated attackers to update arbitrary user's accounts, including their email to a @weixin.com email, which can the be leveraged to reset the password of the user's account, including administrators.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.8 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-639 | Authorization Bypass Through User-Controlled Key | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Exploitability Score
3.9
Impact Score
5.9
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://plugins.trac.wordpress.org/browser/rest-api-to-miniprogram/tags/4.7.0/includes/api/ram-rest-weixin-controller.php#L264 | security@wordfence.com |
| https://www.wordfence.com/threat-intel/vulnerabilities/id/b53066d3-2ff3-4460-896a-facd77455914?source=cve | security@wordfence.com |