WordPress Age Restriction Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Age Restriction WordPress plugin, affecting versions through 3.0.2. The issue arises because the plugin's age_restrictionRemoteSupportRequest function lacks proper authorization. This flaw allows any authenticated user, including subscribers, to create an admin user with a hardcoded username and a password of their choice.

Impact

Exploitation of this vulnerability allows authenticated users to escalate their privileges by creating admin accounts with arbitrary passwords.

Reproduction

To reproduce this vulnerability, send a POST request to 'wp-admin/admin-ajax.php' with the action 'age_restrictionRemoteSupportRequest' and the sub_action 'access_details'. Include the 'params' data specifying 'age_restriction-create_wp_credential=yes' and 'age_restriction-password' set to the desired password. After the request is processed, log in using the username 'aateam_support' and the password you set.
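As a stopgap on sites still running an affected version, the following must-use plugin rejects the AJAX action for non-administrators and flags the hardcoded account if it already exists. This is an added example, not code from the Age Restriction plugin or from this advisory. It assumes the plugin registers its handler on the standard wp_ajax_{action} hook; the file name and the AR_GUARD_* constant names are hypothetical.

```php
<?php
/**
 * Plugin Name: Age Restriction AJAX guard (added example)
 *
 * Example only, not code from the Age Restriction plugin.
 * Assumption: the plugin's handler is attached to the standard
 * wp_ajax_{action} hook, so a callback at the earliest priority runs first.
 * Install as wp-content/mu-plugins/age-restriction-guard.php (hypothetical name).
 */

const AR_GUARD_ACTION = 'age_restrictionRemoteSupportRequest'; // action named in the advisory
const AR_GUARD_LOGIN  = 'aateam_support';                      // hardcoded username named in the advisory

// 1. Refuse the AJAX action unless the caller is already an administrator.
add_action( 'wp_ajax_' . AR_GUARD_ACTION, function () {
    if ( current_user_can( 'manage_options' ) ) {
        return; // administrators fall through to the plugin's own handler
    }
    // Record the attempt so it can be correlated with web server logs.
    error_log( sprintf(
        'Blocked %s from user ID %d (%s)',
        AR_GUARD_ACTION,
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );
    // Sends a JSON error with HTTP 403 and terminates the request.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}, PHP_INT_MIN );

// 2. Warn administrators when the hardcoded account is present.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $user = get_user_by( 'login', AR_GUARD_LOGIN );
    if ( ! $user ) {
        return; // account does not exist, nothing to report
    }
    $message = sprintf(
        'Account "%s" (ID %d, registered %s) exists. Confirm who created it; remove it and review administrator activity if it is unexpected.',
        $user->user_login,
        $user->ID,
        $user->user_registered
    );
    printf( '<div class="notice notice-error"><p>%s</p></div>', esc_html( $message ) );
} );
```

The guard only covers requests routed through admin-ajax.php for logged-in users; if the plugin processes the request on a different hook, the capability check has to be applied there instead.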

Added: Nov 11, 2025, 6:16 AM
Updated: Nov 11, 2025, 6:16 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.