Boom Fest WordPress Plugin Missing Authorization Vulnerability in Settings Update

Vulnerability

A vulnerability exists in the Boom Fest WordPress plugin, all versions through 2.2.1, allowing unauthorized data modification. The issue arises from a lack of capability checks in the 'bf_admin_action' function. This flaw enables authenticated attackers with Subscriber-level access or higher to alter plugin settings that affect the website's appearance.

Impact

Exploitation of this vulnerability allows for unauthorized changes to plugin settings, potentially altering the visual presentation of the affected WordPress site.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends a POST request to the 'admin-ajax.php' endpoint with the 'action' parameter set to 'bf_admin_action' and the 'celebration_type', 'decoration_image', 'font_style', and 'pages' parameters included. Because the 'bf_admin_action' function performs no authorization check, the request is processed and the user's values are written to the 'boom_festive_activated' settings.
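The following PHP is an added illustration of the flaw described in the Vulnerability and Reproduction sections, not the Boom Fest plugin's own code. It assumes a hypothetical 'wp_ajax_bf_admin_action' handler that reads the four parameters named above and stores them under an option key named 'boom_festive_activated' (the page calls this a table; the storage form here is an assumption), and it shows the missing-authorization shape next to a hardened form with a capability check, a nonce check and input validation. The allow-list values and the nonce action name are invented for the example.

```php
<?php
// Added example, not the plugin's code. Hypothetical handler for the
// 'bf_admin_action' AJAX action, vulnerable shape vs. hardened shape.

// --- Vulnerable shape (assumed; mirrors the advisory's description) ---
// wp_ajax_* hooks fire for every logged-in user, so without a capability
// check a Subscriber can overwrite the appearance settings.
function bf_admin_action_vulnerable() {
    $settings = array(
        'celebration_type' => sanitize_text_field( wp_unslash( $_POST['celebration_type'] ?? '' ) ),
        'decoration_image' => sanitize_text_field( wp_unslash( $_POST['decoration_image'] ?? '' ) ),
        'font_style'       => sanitize_text_field( wp_unslash( $_POST['font_style'] ?? '' ) ),
        'pages'            => (array) ( $_POST['pages'] ?? array() ),
    );
    update_option( 'boom_festive_activated', $settings ); // no authorization, no nonce
    wp_send_json_success( $settings );
}

// --- Hardened shape ---
function bf_admin_action_hardened() {
    // 1. Authorization: only users allowed to change site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 2. CSRF protection: the settings page must emit this nonce
    //    (wp_create_nonce( 'bf_admin_action_nonce' )) and post it as 'nonce'.
    check_ajax_referer( 'bf_admin_action_nonce', 'nonce' );

    // 3. Validate and sanitize each field against what the feature expects.
    $allowed_types = array( 'none', 'snow', 'confetti' ); // hypothetical allow-list
    $type = sanitize_key( wp_unslash( $_POST['celebration_type'] ?? '' ) );
    if ( ! in_array( $type, $allowed_types, true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid celebration_type.' ), 400 );
    }

    // Only accept http(s) URLs for the decoration image.
    $image = esc_url_raw( wp_unslash( $_POST['decoration_image'] ?? '' ), array( 'http', 'https' ) );

    $font = sanitize_text_field( wp_unslash( $_POST['font_style'] ?? '' ) );

    // Pages are expected as post IDs; coerce to non-negative integers and
    // drop anything that is not a real page.
    $pages = array_filter(
        array_map( 'absint', (array) ( $_POST['pages'] ?? array() ) ),
        static function ( $id ) {
            return $id > 0 && 'page' === get_post_type( $id );
        }
    );

    $settings = array(
        'celebration_type' => $type,
        'decoration_image' => $image,
        'font_style'       => $font,
        'pages'            => array_values( $pages ),
    );

    update_option( 'boom_festive_activated', $settings );
    wp_send_json_success( $settings );
}

// Register only the hardened handler. There is deliberately no
// wp_ajax_nopriv_ registration: unauthenticated users never reach it.
add_action( 'wp_ajax_bf_admin_action', 'bf_admin_action_hardened' );
```

The capability check is the fix the advisory's description calls for; the nonce and validation steps are the usual companions, since an AJAX settings writer reachable by any logged-in user also needs CSRF protection and should not persist arbitrary strings into settings that drive front-end rendering. Reviewing a plugin for this class of bug means locating every wp_ajax_ and wp_ajax_nopriv_ hook and confirming each handler calls current_user_can() with a capability appropriate to what it modifies.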

Remediation

Users are advised to update the Boom Fest WordPress plugin to version 2.2.2 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.