Swatchly WooCommerce Variation Swatches for Products Missing Authorization Vulnerability

A vulnerability exists in the Swatchly – WooCommerce Variation Swatches for Products plugin for WordPress, specifically in versions 1.2.8 to 1.4.0. The issue arises from a lack of proper capability checks in the ajax_dismiss function, allowing authenticated attackers with Subscriber-level access and above to unauthorizedly modify option values on the WordPress site. This could be exploited to introduce errors that disrupt site functionality or to manipulate specific settings, such as enabling user registration.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in WordPress option values, potentially causing errors on the site or disrupting access for legitimate users. Additionally, it could be used to manipulate user registration settings.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a POST request to the WordPress site using the 'swatchly_notices' action. The request must include the notice ID, along with a nonce for verification. However, the plugin fails to properly validate the user's capability to perform this action, allowing unauthorized modifications to option values.

Remediation

Users are advised to update the Swatchly – WooCommerce Variation Swatches for Products plugin to version 1.4.1 or later.