Feather Login Page < 1.1.2 – Missing Authorization to Authentication Bypass and Privilege Escalation | CVE 2023-2545

Description

The plugin lacks authorization checks in the ftlpp-ext-expirable-get-users ajax action, allowing logged in users with roles as low as subscriber to access the login links for the temporary users created by the plugin, which can be used for privilege escalation.

Proof of Concept

GET /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-get-users
Cookie: [Subscriber+]

Affects Plugins

feather-login-page

Fixed in 1.1.2

References

CVE

CVE-2023-2545

URL

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/feather-login-page/feather-login-page-107-111-missing-authorization-to-authentication-bypass-and-privilege-escalation

Miscellaneous

Original Researcher

Lana Codes

Verified

WPVDB ID

2d17c440-8ac7-4bb9-b5c0-5f5fb732ba73

Timeline

Publicly Published

2023-05-30 (about 11 months ago)

Added

2023-05-31 (about 11 months ago)

Last Updated

2023-07-07 (about 10 months ago)

Other

Published

Title

Published

2014-08-01

Title

Featured Post with thumbnail 1.4 - Unspecified timthumb

Published

2017-03-01

Title

VaultPress <= 1.8.6 - Backend Server SSL Verification Disabled

Published

2021-01-06

Title

iThemes Security < 7.7.0 - New-Password Requirements Not Enforced Until second Login

Published

2018-04-03

Title

WordPress 3.7-4.9.4 - Remove localhost Default

Published

2018-01-18

Title

Instagram Feed < 1.6 - Cross-Site Scripting (XSS)