Feather Login Page < 1.1.2 – Missing Authorization to Non-Arbitrary User Deletion | CVE 2023-2547

Description

The plugin does not check authorization when processing the ftlpp-ext-expirable-delete-user ajax action, which could allow users with roles as low as subscriber to delete temporary users generated by the plugin, furthermore it does not protect the action against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to perform the deletion on their behalf.

Proof of Concept

GET /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-delete-user&id=7 HTTP/1.1
Cookie: [Subscriber+]

Affects Plugins

feather-login-page

Fixed in 1.1.2

References

CVE

CVE-2023-2547

URL

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/feather-login-page/feather-login-page-107-111-missing-authorization-to-non-arbitrary-user-deletion

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

WPVDB ID

5c8ae097-029c-4dd7-b33f-ca8c2fd0f526

Timeline

Publicly Published

2023-05-30 (about 11 months ago)

Added

2023-05-31 (about 11 months ago)

Last Updated

2023-07-07 (about 10 months ago)

Other

Published

Title

Published

2024-03-19

Title

Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

Published

2024-02-21

Title

Maintenance Page < 1.0.9 - Security Mechanism Bypass via REST API

Published

2021-10-26

Title

Bulk Datetime Change < 1.12 - Missing Authorisation

Published

2019-07-17

Title

Coming Soon Page & Maintenance Mode < 1.8.2 - Arbitrary Settings Reset

Published

2021-05-26

Title

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value