g-FFL Cockpit WordPress Plugin Improper Authorization Vulnerability Allowing Unauthenticated Product Deletion

Vulnerability

A vulnerability exists in the g-FFL Cockpit WordPress plugin, affecting versions through 1.7.1. The plugin authorizes requests by client IP address, and that address is taken from a request header the client controls, so the check is trivially spoofed; as a result, unauthenticated users can delete arbitrary WooCommerce products. Exploitation requires nothing more than manipulating HTTP headers to bypass the plugin's authorization check.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of WooCommerce products, including all associated metadata, term relationships, and images.

Reproduction

To reproduce this vulnerability, send a POST request to the '/wp-json/fflcockpit/v1/queue' endpoint, including the 'X-Forwarded-For' header with a spoofed IP address (3.212.185.187) to bypass authentication. The request must also include a JSON payload specifying the deletion action and the IDs of the products to be deleted. After queuing the deletion, send a second POST request to the '/wp-json/fflcockpit/v1/process' endpoint, again using the spoofed IP address, to execute the deletion.
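The root cause described above, and the two-step queue/process flow named in the reproduction, can be illustrated with a minimal WordPress REST route. The following PHP is an added example written for this advisory; it is not the g-FFL Cockpit plugin's code, and the route namespace (`gffl-demo/v1`), function names, the placeholder "trusted" address and the transient-based queue are all assumptions. It shows the weak pattern (a `permission_callback` that trusts `X-Forwarded-For`) beside a hardened one that relies on WordPress authentication and WooCommerce capabilities, and re-checks the per-product `delete_post` capability before anything is removed.

```php
<?php
// Added example, not the g-FFL Cockpit plugin's own code. Route names, the
// placeholder address and the queue storage are assumptions made for illustration.

// WEAK PATTERN: authorization based on a client-supplied header.
// X-Forwarded-For is set by whoever sends the request unless a trusted reverse
// proxy overwrites it, so any caller can claim the allow-listed address.
function gffl_demo_weak_permission( WP_REST_Request $request ) {
    $trusted_ip = '203.0.113.10'; // placeholder (RFC 5737 range), not a real allow-list entry
    $claimed_ip = trim( (string) $request->get_header( 'x_forwarded_for' ) );
    return $claimed_ip === $trusted_ip; // spoofable: do not use this as authorization
}

// HARDENED PATTERN: require a logged-in user who may delete WooCommerce products.
// Network location is never treated as an identity.
function gffl_demo_hardened_permission( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }
    if ( ! current_user_can( 'delete_products' ) ) { // capability registered by WooCommerce
        return new WP_Error( 'rest_forbidden', 'Insufficient capability.', array( 'status' => 403 ) );
    }
    return true;
}

// Schema for the JSON body: "ids" must be a non-empty array of integers.
function gffl_demo_ids_schema() {
    return array(
        'ids' => array(
            'required' => true,
            'type'     => 'array',
            'minItems' => 1,
            'items'    => array( 'type' => 'integer', 'minimum' => 1 ),
        ),
    );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'gffl-demo/v1', '/queue', array(
        'methods'             => 'POST',
        'callback'            => 'gffl_demo_queue_handler',
        'permission_callback' => 'gffl_demo_hardened_permission',
        'args'                => gffl_demo_ids_schema(),
    ) );
    register_rest_route( 'gffl-demo/v1', '/process', array(
        'methods'             => 'POST',
        'callback'            => 'gffl_demo_process_handler',
        'permission_callback' => 'gffl_demo_hardened_permission',
    ) );
} );

// Step 1: queue product IDs for deletion. The queue is stored per user so one
// account cannot trigger deletions queued by another.
function gffl_demo_queue_handler( WP_REST_Request $request ) {
    $ids = array_map( 'absint', (array) $request->get_param( 'ids' ) );
    foreach ( $ids as $id ) {
        // Per-object check: must be a WooCommerce product this user may delete.
        if ( get_post_type( $id ) !== 'product' || ! current_user_can( 'delete_post', $id ) ) {
            return new WP_Error( 'rest_forbidden', "Not allowed to delete product {$id}.", array( 'status' => 403 ) );
        }
    }
    set_transient( 'gffl_demo_queue_' . get_current_user_id(), $ids, HOUR_IN_SECONDS );
    return rest_ensure_response( array( 'queued' => $ids ) );
}

// Step 2: process the caller's own queue. Capabilities are re-checked at execution
// time because the user's rights may have changed since the queue was created.
function gffl_demo_process_handler( WP_REST_Request $request ) {
    $key   = 'gffl_demo_queue_' . get_current_user_id();
    $ids   = (array) get_transient( $key );
    $done  = array();
    foreach ( $ids as $id ) {
        $id = absint( $id );
        if ( get_post_type( $id ) === 'product' && current_user_can( 'delete_post', $id ) ) {
            // force-delete removes the post together with its meta and term relationships
            if ( wp_delete_post( $id, true ) ) {
                $done[] = $id;
            }
        }
    }
    delete_transient( $key );
    return rest_ensure_response( array( 'deleted' => $done ) );
}
```

The defensive point is in the `permission_callback`: a REST route that must perform a destructive action should establish who the caller is through WordPress authentication (cookie plus nonce, or application passwords) and check a capability, never infer trust from `X-Forwarded-For`, `REMOTE_ADDR` or any other network attribute. Where an IP allow-list is genuinely needed as an additional layer, it should be enforced by the reverse proxy or firewall that actually terminates the connection, not reconstructed in application code from a forwardable header.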

Added: Dec 6, 2025, 6:39 AM
Updated: Dec 6, 2025, 6:39 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.