zStore Manager Basic
cpe:2.3:a:ikjweb:zstore_manager_basic:*:*:*:*:wordpress:*:*
- <= 3.311
A vulnerability exists in the zStore Manager Basic plugin for WordPress, affecting all versions through 3.311. The issue arises from a lack of proper capability checks in the zstore_clear_cache() function, allowing authenticated users with Subscriber-level access and above to clear the plugin's cache. This vulnerability could lead to unauthorized data loss.
Exploitation of this vulnerability allows for unauthorized cache clearing, which could disrupt the normal functioning of the plugin by causing data to be reloaded or regenerated, potentially leading to performance issues or loss of user-specific data.
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can navigate to the zStore Manager Basic plugin's settings page. From there, the user can click the 'Clear Cache' button, which will trigger the cache clearing function without the necessary authorization checks.
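The missing check described above, shown next to a hardened handler. This is an added example, not the plugin's source code: the AJAX registration, the hook and nonce names, the choice of `manage_options`, and the `zstore_example_*` functions are all assumptions made for illustration.

```php
<?php
// Added illustration, not code from zStore Manager Basic.
// Every zstore_example_* name below is hypothetical.

// Stand-in for whatever the plugin's cache clearing actually does (assumed).
function zstore_example_purge() {
    delete_transient( 'zstore_example_cache' );
}

// Pattern the advisory describes: the privileged action runs for any
// logged-in caller because nothing checks who is asking.
function zstore_example_clear_cache_unchecked() {
    zstore_example_purge();
    wp_send_json_success();
}

// Hardened form: confirm intent (nonce) and authority (capability)
// before touching the cache.
function zstore_example_clear_cache_checked() {
    // Rejects requests that lack a valid nonce issued for this action.
    // On failure WordPress ends the AJAX request with a 403.
    check_ajax_referer( 'zstore_example_clear_cache', 'nonce' );

    // By default a Subscriber holds only the 'read' capability, so this
    // administrator-level capability excludes Subscriber accounts.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    zstore_example_purge();
    wp_send_json_success();
}

// wp_ajax_{action} fires for every authenticated user, Subscribers
// included, so registering the hook is not an authorization boundary.
add_action(
    'wp_ajax_zstore_example_clear_cache',
    'zstore_example_clear_cache_checked'
);
```

A nonce alone is not sufficient here: any logged-in user who can load a page that prints the nonce can submit it, so the capability check is what enforces the role boundary.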