Blaze Demo Importer Missing Authorization Vulnerability Allows Database Reset and File Deletion
Vulnerability
A vulnerability in the Blaze Demo Importer plugin for WordPress, affecting versions 1.0.0 through 1.0.13, allows authenticated attackers with subscriber-level access and above to perform unauthorized database resets and delete files. The issue arises from a missing capability check in the 'blaze_demo_importer_install_demo' function, which enables attackers to truncate all database tables except for options, usermeta, and users. Additionally, the vulnerability allows for the removal of all sidebar widgets, theme modifications, and contents from the uploads folder.
Impact
Exploitation of this vulnerability leads to a complete reset of the WordPress database, excluding certain core tables, and allows for the deletion of all uploaded files, theme customizations, and sidebar widgets.
Reproduction
To reproduce this vulnerability, an authenticated user with subscriber-level access can send an AJAX request to the 'blaze_demo_importer_install_demo' function without the necessary capability check. This request can include a parameter to trigger the database reset, which will then be executed, truncating the specified database tables and deleting the associated files and settings.
Remediation
No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
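The root cause named above is an AJAX-reachable handler that runs destructive work without confirming the caller's capability. The following illustration is added here and is not the plugin's code; it shows the shape a correctly guarded WordPress AJAX handler takes. The hook and nonce names, the `nonce` request parameter, and the `blaze_demo_importer_run_reset()` helper are assumptions chosen to mirror the function name in the advisory.

```php
<?php
// Added illustration, not the Blaze Demo Importer source. The hook name,
// nonce action, 'nonce' request field and the helper below are assumptions.

// Hand the nonce to the admin-side script that issues the AJAX call, so a
// cross-site request cannot forge it. 'blaze-demo-importer-admin' is an
// assumed script handle; wp_localize_script() is a real WordPress API.
function blaze_demo_importer_localize_nonce() {
    wp_localize_script(
        'blaze-demo-importer-admin',
        'blazeDemoImporter',
        array( 'nonce' => wp_create_nonce( 'blaze_demo_importer_install_demo' ) )
    );
}
add_action( 'admin_enqueue_scripts', 'blaze_demo_importer_localize_nonce' );

// Guarded handler. Vulnerable code of the shape described in the advisory
// would jump straight to the reset with neither of the two checks below,
// so any logged-in account (subscriber and up) could trigger it.
function blaze_demo_importer_install_demo_guarded() {
    // 1. CSRF: dies with HTTP 403 ("-1") unless $_REQUEST['nonce'] is a valid
    //    nonce for this action and the current user.
    check_ajax_referer( 'blaze_demo_importer_install_demo', 'nonce' );

    // 2. Authorization: a demo import that truncates tables and empties the
    //    uploads folder is site-administration work. Subscribers hold neither
    //    capability; administrators hold both by default.
    if ( ! current_user_can( 'manage_options' ) || ! current_user_can( 'import' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Only a nonce-bearing, capability-checked request reaches the reset.
    $result = blaze_demo_importer_run_reset(); // assumed helper doing the import
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'message' => 'Demo installed.' ) );
}
// Registering only wp_ajax_ (and not wp_ajax_nopriv_) keeps anonymous callers
// out; the capability check above keeps low-privilege logged-in users out.
add_action( 'wp_ajax_blaze_demo_importer_install_demo', 'blaze_demo_importer_install_demo_guarded' );
```

The two checks address different failures: the nonce stops a forged request riding an administrator's session, while `current_user_can()` is what was missing here, since a nonce alone is issued to subscribers too and says nothing about what the caller is allowed to do. Until a patched release exists, site owners can also confirm in their access logs that no `admin-ajax.php` requests from non-administrator accounts reached this action.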
