WP Page Permalink Extension Missing Authorization Vulnerability Allowing Rewrite Rules Flush
Vulnerability
A missing authorization vulnerability has been identified in the WP Page Permalink Extension for WordPress, affecting all versions up to and including 1.5.4. The issue arises from the absence of authorization checks in the 'cwpp_trigger_flush_rewrite_rules' function, which is connected to the 'wp_ajax_cwpp_trigger_flush_rewrite_rules' action. This vulnerability enables authenticated attackers with Subscriber-level access and above to flush the site's rewrite rules by manipulating the 'action' parameter.
Impact
Exploitation of this vulnerability allows for unauthorized flushing of WordPress rewrite rules, which can disrupt permalink structures and potentially lead to other vulnerabilities or issues within the site.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the 'wp_ajax_cwpp_trigger_flush_rewrite_rules' action. This request will be processed by the 'cwpp_trigger_flush_rewrite_rules' function, which will flush the site's rewrite rules without any authorization checks.
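A stop-gap for sites still running an affected version, shown as an added example that is not code from the plugin or its authors: a small must-use plugin that applies the missing capability check before the plugin's handler runs. It assumes the plugin registers its handler at the default priority (10) and that 'manage_options' is the appropriate capability for flushing rewrite rules; the 'example_cwpp_guard' name is hypothetical.

```php
<?php
/**
 * Plugin Name: Guard for cwpp_trigger_flush_rewrite_rules (added example)
 *
 * Not part of WP Page Permalink Extension. Drop into wp-content/mu-plugins/
 * so it loads regardless of which regular plugins are active.
 */

// WordPress fires wp_ajax_{action} for every logged-in user, Subscribers
// included, so the handler itself must check capabilities. Priority 0 makes
// this guard run before a handler registered at the default priority of 10
// (assumption about how the plugin registers its callback).
add_action( 'wp_ajax_cwpp_trigger_flush_rewrite_rules', 'example_cwpp_guard', 0 );

function example_cwpp_guard() {
    // Assumption: only administrators should be able to flush rewrite rules.
    if ( current_user_can( 'manage_options' ) ) {
        return; // Authorized: fall through to the plugin's own handler.
    }

    // Leave a trace for incident review, then stop the request.
    error_log( sprintf(
        'Blocked cwpp_trigger_flush_rewrite_rules from user ID %d',
        get_current_user_id()
    ) );

    // wp_send_json_error() sends the response and terminates execution,
    // so the plugin's unprotected handler is never reached.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}
```

The logged user IDs give a starting point for reviewing which low-privilege accounts have been calling the action.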
