Construction Light WordPress Theme Authentication Bypass Vulnerability Allowing Arbitrary Plugin Activation
Vulnerability
An authentication bypass vulnerability has been identified in the Construction Light WordPress theme, affecting versions prior to 1.6.8. The vulnerability arises from a lack of proper authorization and Cross-Site Request Forgery (CSRF) protection when activating plugins through an AJAX action. This flaw allows any authenticated user, including subscribers, to activate arbitrary plugins.
Impact
Exploitation of this vulnerability could lead to unauthorized activation of plugins by authenticated users, such as subscribers, potentially allowing them to execute malicious code or modify site functionality.
Reproduction
To reproduce this vulnerability, send a POST request to 'wp-admin/admin-ajax.php' with the action 'constructionlight_activate_plugin'. Include the 'slug' and 'file' parameters, specifying the plugin to be activated.
Remediation
Users are advised to update the Construction Light WordPress theme to version 1.6.8 or later.
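The two checks named above as missing (authorization and CSRF protection), shown as an added example of a hardened handler for this AJAX action. This is not the theme's own code: the function name, nonce action, allowlist entry and the way 'slug' and 'file' are combined into a plugin path are assumptions for illustration.

```php
<?php
// Added illustration, not the Construction Light theme's actual code.
// Hypothetical: example_theme_activate_plugin(), the nonce action string,
// the allowlist entry, and the "<slug>/<file>.php" path layout.

// wp_ajax_{action} fires for any logged-in user, subscribers included,
// so the handler itself must enforce who may proceed.
add_action( 'wp_ajax_constructionlight_activate_plugin', 'example_theme_activate_plugin' );

function example_theme_activate_plugin() {
    // 1. CSRF protection: require a valid nonce in the 'nonce' field.
    //    check_ajax_referer() terminates the request if it is missing or invalid.
    check_ajax_referer( 'example_theme_activate_plugin', 'nonce' );

    // 2. Authorization: only roles holding 'activate_plugins' may continue.
    //    The default subscriber role does not have this capability.
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input handling: read the two parameters the action accepts.
    $slug = isset( $_POST['slug'] ) ? sanitize_text_field( wp_unslash( $_POST['slug'] ) ) : '';
    $file = isset( $_POST['file'] ) ? sanitize_text_field( wp_unslash( $_POST['file'] ) ) : '';

    // Assumed path layout: wp-content/plugins/<slug>/<file>.php
    $plugin = $slug . '/' . $file . '.php';

    // 4. Allowlist: the theme only needs to activate the plugins it recommends,
    //    so anything else is refused. Entry below is a constructed placeholder.
    $allowed = array( 'example-companion/example-companion.php' );
    if ( ! in_array( $plugin, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not permitted.' ), 400 );
    }

    // 5. Activate and report the outcome; activate_plugin() returns
    //    a WP_Error on failure and null on success.
    $result = activate_plugin( $plugin );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }

    wp_send_json_success( array( 'activated' => $plugin ) );
}
```

The page that triggers the request would emit the matching nonce with `wp_create_nonce( 'example_theme_activate_plugin' )` and send it in the `nonce` field.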
