Feather Login Page < 1.1.2 - Missing Authorization to Non-Arbitrary User Deletion
Description
The plugin does not check authorization when processing the ftlpp-ext-expirable-delete-user AJAX action, which could allow users with roles as low as Subscriber to delete the temporary users generated by the plugin. Furthermore, the action is not protected against CSRF, allowing an unauthenticated attacker to trick a logged-in user into performing the deletion on their behalf.
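To make the two missing controls concrete, here is an added illustration (not the plugin's own code, and not its actual fix) of a hypothetical WordPress AJAX handler for deleting a plugin-generated temporary user, first in the unprotected shape the description above implies and then hardened with a nonce check and a capability check. All function names, the meta key and the nonce action name are assumptions for the example.

```php
<?php
// Added example, not the plugin's code. Names below are assumptions.

// Unprotected pattern: every wp_ajax_* callback is reachable by any logged-in
// user, and this handler trusts $_GET['id'] without asking who is calling or
// whether the request carries a nonce. That is the missing-authorization and
// CSRF combination the advisory describes.
function example_delete_expirable_user_unprotected() {
    $user_id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    if ( $user_id && get_user_meta( $user_id, 'example_is_expirable', true ) ) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
        wp_delete_user( $user_id );
    }
    wp_send_json_success();
}

// Hardened pattern.
function example_delete_expirable_user_hardened() {
    // 1. CSRF: require a nonce bound to this action. check_ajax_referer() stops
    //    the request (HTTP 403 / -1) if the nonce is missing or invalid.
    check_ajax_referer( 'example_delete_expirable_user', 'nonce' );

    // 2. Authorization: only users who may delete accounts get past this point.
    //    Being logged in is not authorization; a Subscriber reaches wp_ajax_*.
    if ( ! current_user_can( 'delete_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $user_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;

    // 3. Scope: still restrict the action to accounts the plugin created, so it
    //    cannot be repurposed against ordinary users.
    if ( ! $user_id || ! get_user_meta( $user_id, 'example_is_expirable', true ) ) {
        wp_send_json_error( 'not an expirable user', 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $user_id );
    wp_send_json_success();
}

// Register only the hardened handler. Using wp_ajax_ (and not wp_ajax_nopriv_)
// keeps anonymous callers out, but every authenticated role can still reach it,
// so the capability check inside the handler is what enforces authorization.
add_action( 'wp_ajax_example_delete_expirable_user', 'example_delete_expirable_user_hardened' );

// The nonce the client must send is generated when rendering the admin page,
// e.g. wp_create_nonce( 'example_delete_expirable_user' ), and passed as 'nonce'.
```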
Proof of Concept
GET /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-delete-user&id=7 HTTP/1.1
Cookie: [Subscriber+]
Affects Plugins
References
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Lana Codes
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-05-30
Added
2023-05-31
Last Updated
2023-07-07