Unify WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Option Deletion

Vulnerability

A vulnerability exists in the Unify plugin for WordPress, affecting all versions up to and including 3.4.9. The plugin attaches a handler to WordPress's 'init' action without performing a capability check, so the handler runs for any visitor; an unauthenticated attacker who supplies the 'unify_plugin_downgrade' request parameter causes the plugin to delete specific plugin options.

Impact

Exploitation of this vulnerability allows unauthorized deletion of plugin options, which resets the plugin's configuration, can break site functionality that depends on those settings, and destroys stored configuration that an administrator must then re-enter. The attacker needs no account on the site.

Reproduction

To reproduce this vulnerability, send an HTTP request to the affected site with the 'unify_plugin_downgrade' parameter included, without logging in. This can be done from a browser or a tool such as cURL. Because the handler is attached to WordPress's 'init' action, which runs on every request, any URL on the site works, including 'wp-admin/admin-post.php'; no specific endpoint is required. Once the request is processed, the affected plugin options are deleted without any authorization check. Confirm the result by comparing the plugin's settings before and after the request.
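The following is an added illustration, not code from the Unify plugin, of the pattern described in the Vulnerability and Reproduction sections: a handler on the 'init' action that deletes options whenever a request parameter is present, beside a hardened form that checks capability and a nonce and runs only through admin-post.php. The function names, option keys and action name (unify_example_*) are hypothetical.

```php
<?php
// Added example, not Unify's own code. Names prefixed unify_example_ and the
// option keys are hypothetical.

// Vulnerable pattern: 'init' fires on every request, front-end or admin, for
// logged-out visitors too, and nothing here checks who sent the request.
// Triggered by e.g. GET /?unify_plugin_downgrade=1 from any client.
function unify_example_downgrade_vulnerable() {
    if ( isset( $_GET['unify_plugin_downgrade'] ) ) {
        delete_option( 'unify_example_settings' );
        delete_option( 'unify_example_version' );
    }
}
add_action( 'init', 'unify_example_downgrade_vulnerable' );

// Hardened pattern: require an administrator, require a nonce bound to this
// action so an admin cannot be CSRF'd into it, and hook admin_post_{action},
// which WordPress only fires for requests to wp-admin/admin-post.php.
// Not registering admin_post_nopriv_{action} means unauthenticated requests
// never reach this handler at all.
function unify_example_downgrade_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Dies with a 403 if the _wpnonce parameter is missing or invalid.
    check_admin_referer( 'unify_example_downgrade' );

    delete_option( 'unify_example_settings' );
    delete_option( 'unify_example_version' );

    wp_safe_redirect( admin_url( 'options-general.php?page=unify_example' ) );
    exit;
}
add_action( 'admin_post_unify_example_downgrade', 'unify_example_downgrade_hardened' );

// Link a settings page would render for the hardened handler; wp_nonce_url()
// appends the _wpnonce value that check_admin_referer() validates above.
function unify_example_downgrade_url() {
    return wp_nonce_url(
        admin_url( 'admin-post.php?action=unify_example_downgrade' ),
        'unify_example_downgrade'
    );
}
```

The capability check and the nonce check are independent: current_user_can() stops unauthenticated and low-privilege users, while the nonce stops an attacker from making a logged-in administrator's browser issue the request. A fix that adds only one of the two leaves the other path open.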

Added: Jan 7, 2026, 4:45 PM
Updated: Jan 7, 2026, 4:45 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.4
remediation: 0.0
relevance: 1.9
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.