WordPress Reviewify Plugin Missing Authorization Vulnerability Allows Coupon Creation

Vulnerability

The Reviewify plugin for WordPress, in versions through 1.0.6, lacks a proper capability check on the 'send_test_email' AJAX action. This flaw enables authenticated attackers with Contributor-level access and above to create arbitrary WooCommerce discount coupons, potentially leading to financial losses for the store.

Impact

Exploitation of this vulnerability allows for unauthorized creation of WooCommerce discount coupons, which could result in financial losses for the affected store.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher sends a request to the 'send_test_email' AJAX action, which does not perform the necessary capability checks. The request is crafted manually to include the action and any required data, such as the nonce for verification. Once the request is sent, the user can create a discount coupon that will be applied in WooCommerce.

Remediation

Users are advised to update the Reviewify plugin to the latest version, where this vulnerability has been addressed. If no update is available, consider uninstalling the plugin and finding a replacement.
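
For sites auditing other installed plugins for the same class of flaw, the following added example (not code from Reviewify or from this advisory) statically scans PHP source for `wp_ajax_` handlers that never call `current_user_can`. The sample plugin source, the `demo_*` names and the `manage_woocommerce` capability choice are constructed assumptions; the scan is a regex heuristic, not a PHP parser.

```python
import re

# Constructed sample (not Reviewify's source): two AJAX handlers in a hypothetical plugin.
SAMPLE_PHP = r"""<?php
add_action( 'wp_ajax_send_test_email', 'demo_send_test_email' );
add_action( 'wp_ajax_demo_save_settings', 'demo_save_settings' );
function demo_send_test_email() {
    check_ajax_referer( 'demo_nonce', 'nonce' );  // nonce only: CSRF check, not authorization
    $coupon = new WC_Coupon();
    $coupon->set_code( 'DEMO' );
    $coupon->save();
}
function demo_save_settings() {
    check_ajax_referer( 'demo_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    update_option( 'demo_opt', 1 );
}
"""

# Matches add_action('wp_ajax_<action>', '<function>'); array/closure callbacks are not covered.
HOOK_RE = re.compile(r"add_action\(\s*['\"]wp_ajax_(nopriv_)?([\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")

def function_body(src, name):
    """Return the brace-balanced body of a named PHP function, or None if not found."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:  # braces inside string literals are counted too (heuristic)
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """List each registered AJAX action with the checks found in its handler body."""
    findings = []
    for nopriv, action, handler in HOOK_RE.findall(src):
        body = function_body(src, handler)
        if body is not None:
            findings.append({
                "action": action, "handler": handler, "unauthenticated": bool(nopriv),
                "nonce_check": bool(re.search(r"check_ajax_referer|wp_verify_nonce", body)),
                "capability_check": "current_user_can" in body})
    return findings

def missing_capability(src):
    """Actions whose handler never calls current_user_can()."""
    return [f["action"] for f in audit(src) if not f["capability_check"]]
```

A flagged action is a lead for manual review, since a handler may delegate the check to a helper the scan cannot see.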

Added: Jan 7, 2026, 4:13 PM
Updated: Jan 7, 2026, 4:13 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 1.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.