Search, Filters & Merchandising for WooCommerce Missing Authorization Vulnerability Allowing Plugin Deactivation

Vulnerability

A vulnerability exists in the Search, Filters & Merchandising for WooCommerce plugin for WordPress in all versions up to and including 3.0.63. The 'wcis_save_email' endpoint performs no capability check before acting, so any authenticated user with Subscriber-level access or higher can call it and deactivate the plugin.

Impact

Exploitation of this vulnerability allows for unauthorized deactivation of the affected WordPress plugin.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends a request to the 'wcis_save_email' endpoint. Because the endpoint never verifies the caller's capability, the request is processed even though the user lacks the permission that plugin management normally requires. Any tool that can craft or modify HTTP requests, such as Postman or a browser extension that edits request headers, is sufficient. The missing capability check is what allows the plugin to be deactivated.
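The defect class behind this advisory is a WordPress admin-ajax handler that does privileged work without asking who the caller is. The following is an added illustration, not the plugin's own code: the action name 'wcis_save_email' comes from the advisory, while the hook wiring, nonce action, option name and handler bodies are assumptions made for the example. It shows the unchecked pattern next to a hardened handler that verifies a nonce and a capability before touching any state.

```php
<?php
// Added example; NOT the plugin's actual implementation. Only the action name
// 'wcis_save_email' is taken from the advisory; everything else is assumed.

// Unchecked pattern (the bug class): being logged in is the only barrier, so a
// Subscriber can reach this through admin-ajax.php and trigger privileged work,
// including plugin deactivation.
function wcis_save_email_unchecked() {
    // Missing: nonce verification and a capability check.
    update_option( 'wcis_notification_email', $_POST['email'] ?? '' );
    deactivate_plugins( plugin_basename( __FILE__ ) ); // privileged side effect
    wp_send_json_success();
}

// Hardened pattern: reject the request unless it carries a valid nonce AND the
// caller holds a capability that only administrators have.
function wcis_save_email_checked() {
    // Nonce tied to this action; dies with HTTP 403 on failure.
    check_ajax_referer( 'wcis_save_email', 'nonce' );

    // Capability check: Subscribers do not have manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Validate and sanitise the input before persisting it.
    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid email address.' ), 400 );
    }

    update_option( 'wcis_notification_email', $email );
    // Any branch that deactivates a plugin should additionally require
    // current_user_can( 'activate_plugins' ).
    wp_send_json_success( array( 'email' => $email ) );
}

// Hypothetical hook name, following the wp_ajax_{action} convention.
add_action( 'wp_ajax_wcis_save_email', 'wcis_save_email_checked' );
```

When auditing a plugin for this class of issue, look for every wp_ajax_* handler and confirm both a nonce check and a current_user_can() call precede any state change.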

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.

Added: Dec 6, 2025, 6:44 AM
Updated: Dec 6, 2025, 6:44 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.