CRM Memberships
cpe:2.3:a:ntzapps:crm_memberships:*:*:*:*:wordpress:*:*
- <= 2.5
A vulnerability exists in the CRM Memberships plugin for WordPress, allowing unauthorized creation of membership tags. This issue arises from a lack of proper capability checks in the 'ntzcrm_add_new_tag' function, affecting all versions up to and including 2.5. As a result, unauthenticated attackers can create arbitrary membership tags and alter CRM settings that should be reserved for administrators.
Exploitation of this vulnerability could lead to unauthorized changes in membership tags and CRM configurations, potentially allowing attackers to manipulate data or settings inappropriately.
To reproduce this vulnerability, send an AJAX request to the 'wp_ajax_ntzcrm_add_new_tag' action without authentication. Include the 'tag_name' and 'plan_link' parameters in the request. The absence of a capability check will allow the creation of a new tag, which can then be applied to users or used in other plugin functionalities.
No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
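Where the plugin cannot be removed immediately, the missing capability check can be supplied from outside the plugin. The following must-use plugin is an added example, not code from the CRM Memberships plugin or its author. It assumes that 'manage_options' is the right capability for administrator-only settings, that the plugin registers its handler at the default priority, and that a matching 'wp_ajax_nopriv_' hook may also be registered; the guard function name is hypothetical.

```php
<?php
/**
 * Plugin Name: CRM Memberships tag-creation guard (added example)
 * Description: Place in wp-content/mu-plugins/ so it loads before regular plugins.
 */

// Assumption: 'manage_options' is the capability that should gate this action;
// the advisory only says the settings are reserved for administrators.
const NTZCRM_GUARD_CAPABILITY = 'manage_options';

/**
 * Hypothetical helper (not part of the plugin): stop the request unless the
 * caller is a logged-in user holding the required capability.
 */
function ntzcrm_guard_add_new_tag() {
    if ( is_user_logged_in() && current_user_can( NTZCRM_GUARD_CAPABILITY ) ) {
        return; // Authorized: the plugin's own handler runs next.
    }

    // Record the denied attempt so it can be reviewed later.
    $ip = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';
    error_log( sprintf(
        '[ntzcrm-guard] denied ntzcrm_add_new_tag: user_id=%d ip=%s',
        get_current_user_id(),
        $ip
    ) );

    // wp_send_json_error() sends the response and terminates the request,
    // so a handler attached at a later priority never executes.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// Priority 0 runs before handlers registered at the default priority 10.
add_action( 'wp_ajax_ntzcrm_add_new_tag', 'ntzcrm_guard_add_new_tag', 0 );

// Assumption: cover the logged-out variant of the hook as well, in case the
// plugin registers one; the advisory names only the wp_ajax_ form.
add_action( 'wp_ajax_nopriv_ntzcrm_add_new_tag', 'ntzcrm_guard_add_new_tag', 0 );
```

The denied-request log lines double as a detection source: any entry with user_id=0 is a call that arrived without a session.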