Themes Coder WordPress Plugin Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the Themes Coder – Create Android & iOS Apps For Your WooCommerce Site plugin for WordPress, affecting all versions through 1.3.4. The vulnerability arises from the plugin's failure to properly validate user identity before allowing password changes via the update_user_profile() function. This flaw enables unauthenticated attackers to reset passwords for any user, including administrators, and gain unauthorized access to their accounts.
Impact
Exploitation of this vulnerability allows for unauthorized password changes, leading to account takeovers, particularly of administrative accounts.
Reproduction
To reproduce this vulnerability, send a POST request to the WordPress REST API endpoint '/wp-json/api/tc_user/update_user_profile' without proper authentication. Include the 'email' parameter to specify the account whose password should be changed. The request will bypass authentication and allow the password to be reset, enabling access to the specified account.
Remediation
No known patch is available. It is recommended to uninstall the affected plugin and consider a replacement.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.