Apus Framework WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A vulnerability in the Apus Framework plugin for WordPress, present in all versions through 2.3, allows for unauthorized data modification that could lead to privilege escalation. This issue arises from a lack of capability checks in the 'import_page_options' function, enabling authenticated attackers with Subscriber-level access or higher to change arbitrary options on the WordPress site. Exploitation of this vulnerability could involve altering the default role for new users to administrator and activating user registration, thereby granting administrative access to the attacker on the compromised site.
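A defender's check for the two option changes described above, as an added example that is not part of the original advisory or the plugin's code. It assumes the site's options and administrator list were exported with WP-CLI (`wp option list --format=json` and `wp user list --role=administrator --fields=ID,user_login,user_registered --format=json`); the sample data, function names and cutoff date are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample input, in the shape of `wp option list --format=json`.
SAMPLE_OPTIONS = """[
  {"option_name": "blogname", "option_value": "Example Site"},
  {"option_name": "users_can_register", "option_value": "1"},
  {"option_name": "default_role", "option_value": "administrator"}
]"""

# Constructed sample input, in the shape of
# `wp user list --role=administrator --fields=ID,user_login,user_registered --format=json`.
SAMPLE_ADMINS = """[
  {"ID": 1, "user_login": "siteowner", "user_registered": "2023-02-11 09:14:02"},
  {"ID": 57, "user_login": "newuser57", "user_registered": "2025-06-10 03:41:55"}
]"""


def audit_options(options_json, allowed_roles=frozenset({"subscriber"})):
    """Return (severity, message) findings for the two options named in the advisory."""
    opts = {o["option_name"]: str(o["option_value"]) for o in json.loads(options_json)}
    role = opts.get("default_role", "subscriber")  # WordPress ships with "subscriber"
    open_reg = opts.get("users_can_register", "0") == "1"
    elevated = role not in allowed_roles
    findings = []
    if elevated and open_reg:
        findings.append(("critical", f"open registration grants role '{role}'"))
    elif elevated:
        findings.append(("high", f"default_role is '{role}', registration closed"))
    elif open_reg:
        findings.append(("info", "registration open with expected default role"))
    return findings


def admins_registered_since(admins_json, since):
    """List administrator logins created at or after `since` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [u["user_login"] for u in json.loads(admins_json)
            if datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S") >= cutoff]


if __name__ == "__main__":
    for severity, message in audit_options(SAMPLE_OPTIONS):
        print(f"[{severity}] {message}")
    # Cutoff is an assumption: the date the plugin was first installed on the site.
    print("admins to review:", admins_registered_since(SAMPLE_ADMINS, "2025-01-01"))
```

Sites that intentionally assign another low-privilege default role can pass it through `allowed_roles`.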

Impact

Exploitation of this vulnerability could allow an attacker to gain administrative privileges on a WordPress site, potentially leading to further exploitation or damage.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.