User Generator and Importer WordPress Plugin: Cross-Site Request Forgery Leading to Privilege Escalation
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the User Generator and Importer plugin for WordPress, affecting all versions up to and including 1.2.2. The handler behind the 'Import Using CSV File' feature does not properly validate a nonce before processing the uploaded file, so a request reaching it carries no proof that the logged-in user actually intended it. An unauthenticated attacker can therefore have a site administrator's browser submit a forged import request, for example by luring the administrator to a page that auto-submits a form or by getting them to click a link, and the plugin will create the accounts listed in the attacker-supplied CSV with administrator rights.
Impact
Successful exploitation gives the attacker one or more accounts with administrator privileges on the target site, which amounts to full control of the WordPress installation. The attack needs no credentials or prior access to the site; it only requires an administrator to interact with attacker-controlled content while logged in.
Reproduction
To reproduce this vulnerability, the attacker prepares a CSV file containing the user data (usernames and email addresses) for the accounts to be created and hosts a page that submits that file to the plugin's 'Import Using CSV File' handler as a form POST. Because the handler does not verify a nonce, the forged request needs no token that only the plugin's own form would carry; it only has to arrive with the administrator's session cookies, which the browser attaches automatically when the administrator visits the attacker's page. If the request is accepted, the plugin creates the new user accounts with administrator privileges.
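The code pattern behind the flaw, beside the fix a plugin author would apply, as an added example that is not the User Generator and Importer plugin's own code. The hook name ugi_import_csv, the nonce field ugi_nonce, the upload field csv and the role allow-list are assumptions made for the illustration; the WordPress functions used (check_admin_referer, current_user_can, wp_insert_user and friends) are the standard API.

```php
<?php
/**
 * Added illustration for this advisory: the insecure and the hardened form of a
 * CSV user-import handler. This is not the User Generator and Importer plugin's
 * code; the hook name, nonce action, field names and role list are assumptions.
 * Runs inside WordPress via admin-post.php; the submitting form must contain
 * wp_nonce_field( 'ugi_import_csv', 'ugi_nonce' ) and a hidden "action" field.
 */

// Parse the uploaded CSV into rows of username, email, role (shared helper).
function ugi_example_parse_csv( string $path ): array {
    $rows = array();
    $fh   = fopen( $path, 'r' );
    if ( false === $fh ) {
        return $rows;
    }
    while ( ( $cols = fgetcsv( $fh ) ) !== false ) {
        if ( count( $cols ) < 2 ) {
            continue; // a usable row needs at least username and email
        }
        $rows[] = array(
            'user_login' => trim( $cols[0] ),
            'user_email' => trim( $cols[1] ),
            'role'       => isset( $cols[2] ) ? trim( $cols[2] ) : 'subscriber',
        );
    }
    fclose( $fh );
    return $rows;
}

// VULNERABLE pattern. Any POST that reaches this handler is processed. A form
// auto-submitted from an attacker's page in a logged-in administrator's browser
// carries the admin's cookies, so WordPress runs it as the admin, and nothing
// here proves the admin intended it or limits which roles the CSV may assign.
function ugi_example_import_vulnerable(): void {
    $rows = ugi_example_parse_csv( $_FILES['csv']['tmp_name'] );
    foreach ( $rows as $row ) {
        $row['user_pass'] = wp_generate_password();
        wp_insert_user( $row ); // role taken verbatim from the file: 'administrator' is accepted
    }
    wp_safe_redirect( admin_url( 'tools.php' ) );
    exit;
}

// HARDENED pattern for the same handler.
function ugi_example_import_hardened(): void {
    // 1. CSRF defence: the nonce must have been issued for this action to this
    //    user. check_admin_referer() dies with an error page when the token is
    //    missing or invalid, which is exactly what a forged cross-site request lacks.
    check_admin_referer( 'ugi_import_csv', 'ugi_nonce' );

    // 2. Authorization: a nonce proves intent, not privilege. Still require the
    //    capability, so a lower-privileged user cannot import accounts at all.
    if ( ! current_user_can( 'create_users' ) ) {
        wp_die( 'You are not allowed to import users.', '', array( 'response' => 403 ) );
    }

    // 3. Accept only a genuine file upload belonging to this request.
    if ( empty( $_FILES['csv']['tmp_name'] ) || ! is_uploaded_file( $_FILES['csv']['tmp_name'] ) ) {
        wp_die( 'No CSV file uploaded.', '', array( 'response' => 400 ) );
    }

    // 4. File contents never choose a privileged role. Assumed allow-list:
    //    anything else (including 'administrator') is downgraded to subscriber.
    $allowed_roles = array( 'subscriber', 'contributor', 'author' );

    $created = 0;
    foreach ( ugi_example_parse_csv( $_FILES['csv']['tmp_name'] ) as $row ) {
        $login = sanitize_user( $row['user_login'], true );
        $email = sanitize_email( $row['user_email'] );
        if ( '' === $login || ! is_email( $email ) ) {
            continue; // skip malformed rows instead of guessing
        }
        $role = in_array( $row['role'], $allowed_roles, true ) ? $row['role'] : 'subscriber';

        $result = wp_insert_user( array(
            'user_login' => $login,
            'user_email' => $email,
            'user_pass'  => wp_generate_password( 24 ),
            'role'       => $role,
        ) );
        if ( ! is_wp_error( $result ) ) {
            $created++;
        }
    }

    wp_safe_redirect( add_query_arg( 'ugi_created', $created, admin_url( 'tools.php' ) ) );
    exit;
}

// Assumed wiring: the import form posts action=ugi_import_csv to admin-post.php.
add_action( 'admin_post_ugi_import_csv', 'ugi_example_import_hardened' );
```

Two points matter when reviewing a handler like this. A WordPress nonce is bound to the logged-in user and the action string, so it cannot be obtained by an attacker who is not that user; that is what makes it a CSRF defence, and it must be checked before any side effect. It is not an authorization check: the capability test and the role allow-list are what stop a lower-privileged user, or the contents of an uploaded file, from minting administrators.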
Remediation
No patch was available at the time of writing. Until a fixed release is published, disable or uninstall the affected plugin. Because a successful attack leaves additional administrator accounts behind, site owners should also audit the user list for administrator accounts they did not create deliberately and remove any they find.
