Broken Link Checker by AIOSEO Missing Authorization Vulnerability in WordPress
Vulnerability
A vulnerability exists in the Broken Link Checker by AIOSEO WordPress plugin, specifically in versions through 1.2.5. The issue stems from a lack of proper authorization checks in a REST API endpoint, allowing authenticated users with contributor-level access or higher to delete arbitrary posts. This vulnerability arises because the plugin only verifies a broad capability granted to contributors, without ensuring that the user has permission to modify the targeted post.
Impact
Exploitation of this vulnerability allows for unauthorized deletion of posts by users with contributor-level access or higher.
Reproduction
To reproduce this vulnerability, an authenticated user with contributor-level access or above can send a DELETE request to the '/wp-json/aioseoBrokenLinkChecker/v1/post' endpoint, targeting a specific post ID. The request will be processed without proper authorization, leading to the post being trashed.
Remediation
Users are advised to update the Broken Link Checker by AIOSEO plugin to version 1.2.6 or later.
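The authorization flaw described above is a common WordPress REST pattern: the route's permission_callback checks a coarse, role-wide capability instead of the per-post meta capability, so any contributor passes the check for any post ID. The following PHP is an added illustration of that weak pattern beside the hardened form; it is not the plugin's own code. The route namespace ('example-blc/v1'), the parameter name 'postId', the function names and the choice of 'edit_posts' as the broad capability are all assumptions used to show the pattern, not values taken from the plugin.

```php
<?php
// Added example, not the plugin's own code. Route namespace, parameter
// name, function names and the broad capability are assumptions.

// Weak pattern: a coarse, role-wide capability. Every contributor holds
// 'edit_posts', so this passes for any post ID, including posts the user
// does not own. This is the shape of the missing-authorization bug.
function example_blc_permission_weak( WP_REST_Request $request ) {
    return current_user_can( 'edit_posts' );
}

// Hardened pattern: resolve the target post and check the 'delete_post'
// meta capability, which WordPress maps per post (owner, status, role), so
// a contributor can only act on posts they are actually allowed to delete.
function example_blc_permission_hardened( WP_REST_Request $request ) {
    $post_id = (int) $request->get_param( 'postId' ); // parameter name assumed
    $post    = get_post( $post_id );
    if ( ! $post ) {
        return new WP_Error(
            'rest_post_invalid_id',
            'Invalid post ID.',
            array( 'status' => 404 )
        );
    }
    if ( ! current_user_can( 'delete_post', $post->ID ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to delete this post.',
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

// Route handler: only reached after the permission callback returns true.
function example_blc_delete_post( WP_REST_Request $request ) {
    $post_id = (int) $request->get_param( 'postId' );
    $result  = wp_trash_post( $post_id );
    if ( ! $result ) {
        return new WP_Error(
            'rest_cannot_trash',
            'Could not trash the post.',
            array( 'status' => 500 )
        );
    }
    return rest_ensure_response( array( 'trashed' => true, 'postId' => $post_id ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route(
        'example-blc/v1',   // hypothetical namespace
        '/post',
        array(
            'methods'             => WP_REST_Server::DELETABLE,
            'callback'            => 'example_blc_delete_post',
            // The weak callback above is shown for contrast only; register
            // the per-post check so authorization is enforced per target.
            'permission_callback' => 'example_blc_permission_hardened',
            'args'                => array(
                'postId' => array(
                    'required'          => true,
                    'validate_callback' => function ( $value ) {
                        return is_numeric( $value );
                    },
                    'sanitize_callback' => 'absint',
                ),
            ),
        )
    );
} );
```

When reviewing a plugin's REST routes for this class of bug, look at each permission_callback and ask whether it names the object being acted on: a check such as current_user_can( 'edit_posts' ) answers "can this role edit posts in general", while current_user_can( 'delete_post', $post_id ) answers "can this user delete this post", which is the question a delete endpoint must ask.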
