Make Email Customizer for WooCommerce WordPress Plugin Missing Authorization Vulnerability Allowing Arbitrary Options Update
Vulnerability
A vulnerability exists in the Make Email Customizer for WooCommerce WordPress plugin, versions through 1.0.6, due to inadequate authorization checks and option validation in its AJAX actions. This flaw enables any authenticated user, including Subscribers, to modify arbitrary WordPress options.
Impact
Exploitation of this vulnerability allows unauthorized users to change WordPress option settings, potentially leading to broader site misconfigurations or privilege escalation.
Reproduction
To reproduce this vulnerability, an authenticated user can send a POST request to 'wp-admin/admin-ajax.php' with the 'action' parameter set to 'save_meta' or 'ec_save_option', depending on the available AJAX action. The 'field_name' parameter can be used to specify which WordPress option to update, such as 'default_role' or 'users_can_register'. After the request is processed, the changes can be verified by checking the General Settings page or by registering a new user with the updated role.
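The handler pattern described above, next to a hardened form, as an added example that is not the plugin's own code. The `example_*` names, the nonce action, the `field_value` parameter and the allowlisted option names are assumptions; only the `ec_save_option` action and the `field_name` parameter come from the advisory.

```php
<?php
// Added illustration, not the plugin's code. example_* names, the nonce
// action and the 'field_value' parameter are assumptions.

// Pattern the advisory describes: wp_ajax_* only requires a logged-in user,
// and the option name is taken straight from the request.
function example_ec_save_option_unsafe() {
    update_option( $_POST['field_name'], $_POST['field_value'] );
    wp_send_json_success();
}

// Hypothetical options the handler may write, each mapped to its sanitizer.
function example_ec_allowed_options() {
    return array(
        'example_ec_footer_text' => 'sanitize_text_field',
        'example_ec_logo_width'  => 'absint',
    );
}

function example_ec_save_option_hardened() {
    // 1. CSRF: reject requests without a nonce issued for this action.
    check_ajax_referer( 'example_ec_save_option', 'nonce' );

    // 2. Authorization: a Subscriber is logged in but lacks manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Option validation: only allowlisted names, so 'default_role' and
    //    'users_can_register' can never be reached through this handler.
    $name    = isset( $_POST['field_name'] ) ? wp_unslash( $_POST['field_name'] ) : '';
    $value   = isset( $_POST['field_value'] ) ? wp_unslash( $_POST['field_value'] ) : '';
    $allowed = example_ec_allowed_options();
    if ( ! is_string( $name ) || ! is_string( $value ) || ! isset( $allowed[ $name ] ) ) {
        wp_send_json_error( array( 'message' => 'Option not allowed' ), 400 );
    }

    update_option( $name, call_user_func( $allowed[ $name ], $value ) );
    wp_send_json_success( array( 'option' => $name ) );
}
add_action( 'wp_ajax_ec_save_option', 'example_ec_save_option_hardened' );
```

The capability check and the allowlist address different halves of the flaw: the first stops low-privileged callers, the second keeps even an administrator's request from writing options outside the plugin's own settings.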
