Library Management System WordPress Plugin Missing Authorization Vulnerability

Vulnerability

A vulnerability exists in the Library Management System plugin for WordPress, all versions through 3.1, allowing unauthorized data modification. This issue arises from a lack of capability checks in the 'owt7_library_management_ajax_handler()' function. As a result, authenticated attackers with Subscriber-level access or higher can manipulate various plugin settings and features.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the plugin's settings and features, potentially allowing attackers to disrupt normal library management operations or misuse the plugin's functionality.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends a request to the 'admin-ajax.php' endpoint. The request must include a valid 'owt7_lms_nonce' value; once the nonce is verified, the handler performs the requested action without checking the caller's capabilities, so the user can supply parameters that modify library management data such as branches, users, bookcases, or categories, depending on the action requested.
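The defect described above, shown as an added, hypothetical illustration rather than the plugin's own code: a WordPress AJAX handler that verifies a nonce but never checks capabilities, next to a hardened version. The action names, nonce action string, option key and request field are assumptions.

```php
<?php
// Added illustration, not code from the Library Management System plugin.
// All hook names, option keys and field names here are hypothetical.

// VULNERABLE PATTERN: a nonce only proves the request came from a page the
// user loaded (CSRF protection); it says nothing about WHO the user is.
// Any logged-in user, Subscriber and up, can obtain the nonce from the page
// and reach this handler, so the data write below is unauthorized.
function example_lms_ajax_handler_vulnerable() {
    check_ajax_referer( 'example_lms_nonce', 'nonce' ); // dies with 403 on failure

    $branch = sanitize_text_field( wp_unslash( $_POST['branch'] ?? '' ) );
    update_option( 'example_lms_branch', $branch );     // no capability check
    wp_send_json_success();
}
// wp_ajax_ hooks run only for logged-in users; this is the situation the
// advisory describes (Subscriber-level or higher).
add_action( 'wp_ajax_example_lms_vulnerable', 'example_lms_ajax_handler_vulnerable' );

// HARDENED PATTERN: keep the nonce check for CSRF, then require a capability
// that only the intended administrative role holds, and only then write data.
function example_lms_ajax_handler_hardened() {
    check_ajax_referer( 'example_lms_nonce', 'nonce' );

    // Authorization: reject callers who lack the administrative capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 ); // exits
    }

    $branch = sanitize_text_field( wp_unslash( $_POST['branch'] ?? '' ) );
    update_option( 'example_lms_branch', $branch );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_lms_hardened', 'example_lms_ajax_handler_hardened' );
// Never register a data-modifying handler on wp_ajax_nopriv_*, which would
// expose it to unauthenticated visitors as well.
```

When auditing a plugin for this class of bug, look for every `wp_ajax_*` callback that calls `update_option`, `$wpdb` writes or similar without a preceding `current_user_can()` check; a nonce check alone is not authorization.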

Remediation

No known patch is available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Oct 15, 2025, 9:43 AM
Updated: Oct 15, 2025, 9:43 AM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.