Accessiy By CodeConfig Accessibility WordPress Plugin Missing Authorization Vulnerability Allowing Arbitrary Page Creation

A vulnerability exists in the Accessiy By CodeConfig Accessibility WordPress plugin, specifically in versions through 1.0.0. The issue arises from a lack of proper authorization checks, which allows authenticated users with Subscriber-level access and above to create arbitrary published pages on the site. This vulnerability is exploited through the 'ccpcaCreatePage' AJAX action, where the plugin's 'Settings::createPage()' function fails to perform necessary capability validations.

Impact

Exploitation of this vulnerability allows for unauthorized page creation, with the newly created pages being published immediately.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the 'ccpcaCreatePage' AJAX action. The request must include the 'title' and 'content' parameters, which can be sanitized before being processed. The absence of authorization checks in the 'createPage' function allows the user to bypass restrictions and create published pages at will.

Remediation

Users are advised to uninstall the affected plugin and seek a replacement, as no patch is currently available.