WHMPress WHMCS Client Area WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

The WHMPress - WHMCS Client Area plugin for WordPress, in versions through 4.3-revision-3, is vulnerable to unauthorized modification of data that can lead to privilege escalation. The cause is a missing capability check in the update_settings case within the /admin/ajax.php file. As a result, authenticated attackers with Subscriber-level access or higher can modify arbitrary options on the WordPress site. This can be used to change the default registration role to administrator and enable user registration, which gives attackers admin access to the affected site.

Impact

Exploitation of this vulnerability could result in unauthorized users gaining administrative privileges on the WordPress site, allowing them to make significant changes, including managing users and modifying site content.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
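
To check whether a site already shows the option changes described under Vulnerability, the following added example (not part of the original advisory or the plugin's code) audits JSON exports produced with WP-CLI. The sample data is constructed, and the role set and cutoff date are assumptions to adjust per site.

```python
import json
from datetime import datetime

# Roles treated as safe signup defaults (assumption; extend for custom roles).
LOW_PRIV_ROLES = {"subscriber", "contributor", "author"}

def audit_options(options_json):
    """Flag the option state described in the advisory.
    options_json: JSON text from `wp option list --format=json`."""
    opts = {o["option_name"]: str(o["option_value"]) for o in json.loads(options_json)}
    role = opts.get("default_role", "subscriber")          # WordPress default
    open_reg = opts.get("users_can_register", "0") == "1"  # stored as "0"/"1"
    findings = []
    if role not in LOW_PRIV_ROLES:
        findings.append(f"default_role is '{role}', review")
    if open_reg:
        findings.append("users_can_register is enabled")
    if role == "administrator" and open_reg:
        findings.append("CRITICAL: self-registration creates administrators")
    return findings

def admins_registered_since(users_json, since):
    """Return logins of administrators created on or after `since` (YYYY-MM-DD).
    users_json: JSON text from `wp user list --role=administrator --format=json`."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    hits = []
    for user in json.loads(users_json):
        created = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if created >= cutoff:
            hits.append(user["user_login"])
    return hits

# Constructed sample exports, not taken from a real site.
SAMPLE_OPTIONS = json.dumps([
    {"option_name": "blogname", "option_value": "Example"},
    {"option_name": "default_role", "option_value": "administrator"},
    {"option_name": "users_can_register", "option_value": "1"},
])
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_registered": "2023-02-11 09:15:00"},
    {"ID": 57, "user_login": "newadmin", "user_registered": "2025-06-08 22:41:07"},
])

if __name__ == "__main__":
    for finding in audit_options(SAMPLE_OPTIONS):
        print(finding)
    print("recent admins:", admins_registered_since(SAMPLE_USERS, "2025-06-01"))
```

Any administrator account the second function returns that the site owner does not recognize should be treated as a possible result of this issue and investigated before the options are reset.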

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.