The Ultimate WordPress Toolkit – WP Extended Missing Authorization Vulnerability in Post Order Management
Vulnerability
A vulnerability exists in The Ultimate WordPress Toolkit – WP Extended plugin for WordPress, in all versions through 3.0.13. The reorder_route() function performs no capability check, so an unauthenticated attacker can change the order of posts and disrupt the site's intended content organization.
Impact
Exploitation of this vulnerability allows for unauthorized post order manipulation, which could disrupt content organization and management on the WordPress site.
Reproduction
The vulnerability can be reproduced by sending a POST request to the 'wpext/v1/reorder' endpoint of the WordPress REST API with a payload that specifies the new order for the posts. Because the route performs no authorization check, the request succeeds without any authentication.
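The defect described above is a REST route whose handler runs without any authorization check. The following is an added illustration, not the plugin's own code: it shows a weak route registration next to a hardened one. The route namespace, path and callback name come from the advisory; the capability name, argument schema and handler body are assumptions.

```php
<?php
// Illustrative example (not WP Extended's code). The advisory names the
// route 'wpext/v1/reorder' and the handler reorder_route(); everything
// else here is assumed for the sake of the example.

// Weak pattern: '__return_true' lets every request, authenticated or not,
// reach the handler. This is the shape of a "missing capability check".
function wpext_example_register_reorder_weak() {
    register_rest_route( 'wpext/v1', '/reorder', array(
        'methods'             => 'POST',
        'callback'            => 'reorder_route',
        'permission_callback' => '__return_true', // no authorization at all
    ) );
}

// Hardened pattern: the permission callback runs before the handler and
// rejects callers without the needed capability. current_user_can() is
// false for unauthenticated requests, so they are refused up front.
// 'edit_others_posts' is an assumed choice; use whatever matches the feature.
function wpext_example_register_reorder_hardened() {
    register_rest_route( 'wpext/v1', '/reorder', array(
        'methods'             => 'POST',
        'callback'            => 'reorder_route',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'edit_others_posts' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    __( 'You are not allowed to reorder posts.' ),
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
        // Schema for the assumed payload: a list of post IDs in the new order.
        'args' => array(
            'order' => array(
                'required'          => true,
                'type'              => 'array',
                'items'             => array( 'type' => 'integer' ),
                'sanitize_callback' => function ( $value ) {
                    return array_map( 'absint', (array) $value );
                },
            ),
        ),
    ) );
}

// Hook only the hardened registration; the weak one is shown for contrast.
add_action( 'rest_api_init', 'wpext_example_register_reorder_hardened' );
```

As defence in depth, the handler itself can additionally confirm `current_user_can( 'edit_post', $id )` for each ID it is about to reorder, so a broken or forgotten permission callback does not silently expose the operation.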
Remediation
Users are advised to update the plugin to version 3.0.14 or a newer patched version.
