WordPress Plugin Vulnerabilities
Feather Login Page < 1.1.2 - Missing Authorization to Authentication Bypass and Privilege Escalation
Description
The plugin lacks authorization checks in the ftlpp-ext-expirable-get-users AJAX action, allowing logged-in users with a role as low as Subscriber to access the login links for the temporary users created by the plugin, which can be used for privilege escalation.
Proof of Concept
GET /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-get-users
Cookie: [Subscriber+]
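An added illustration of the bug class the description names (this is not the plugin's own code): a wp_ajax_ handler that returns the temporary users without a capability check, next to a hardened version that verifies a nonce and the caller's capability before answering. The function names and the option key are hypothetical; only the AJAX action name comes from the advisory.

```php
<?php
// Added example, not code from the Feather Login Page plugin.
// A wp_ajax_ hook (without the nopriv variant) only requires that the caller
// be logged in; any role, including Subscriber, satisfies that. Authorization
// has to be checked inside the handler.

// VULNERABLE PATTERN: no capability check, so every authenticated user can
// read the temporary users and the login links stored with them.
function ftlpp_example_get_users_vulnerable() {
    // Hypothetical option key holding the plugin's temporary users.
    $users = get_option( 'ftlpp_example_temp_users', array() );
    wp_send_json_success( $users );
}

// HARDENED PATTERN: require a nonce bound to this action and a capability
// that only administrators normally hold before returning anything.
function ftlpp_example_get_users_hardened() {
    // The admin page issues the nonce with
    // wp_create_nonce( 'ftlpp_example_get_users' ) and sends it as 'nonce'.
    // A missing or invalid nonce terminates the request with HTTP 403.
    check_ajax_referer( 'ftlpp_example_get_users', 'nonce' );

    // Authorization: Subscribers fail this check, administrators pass.
    if ( ! current_user_can( 'create_users' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $users = get_option( 'ftlpp_example_temp_users', array() );
    wp_send_json_success( $users );
}

// Register only the hardened handler on the advisory's action name.
add_action( 'wp_ajax_ftlpp-ext-expirable-get-users', 'ftlpp_example_get_users_hardened' );
```

When reviewing a plugin, search for every add_action( 'wp_ajax_...' ) registration and confirm the callback performs both a nonce check and a current_user_can() check before reading or writing anything sensitive.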
Affects Plugins
References
Miscellaneous
Original Researcher
Lana Codes
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-05-30
Added
2023-05-31
Last Updated
2023-07-07