RealPress WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Content Creation and Email Sending
Vulnerability
A vulnerability exists in the RealPress WordPress plugin in versions prior to 1.1.0, where REST routes are registered without adequate permission checks. This flaw enables unauthenticated users to create pages and send emails from the site. The vulnerability arises from the lack of authorization verification in the plugin's REST API implementation.
Impact
Exploitation of this vulnerability allows for unauthorized content creation and email transmission from the affected WordPress site.
Reproduction
To reproduce this vulnerability, send a POST request to the '/wp-json/realpress/v1/page' endpoint with a JSON body containing the 'title', 'content', 'post_type', and 'post_status' fields to create a page. Additionally, a POST request can be sent to the '/wp-json/realpress/v1/contact-form' endpoint with a JSON body including 'email_target', 'name', 'phone', 'email', 'message', 'terms_and_conditions', and 'cc_admin' to send an email.
Remediation
Users are advised to update the RealPress WordPress plugin to version 1.1.0 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.