Insert Headers and Footers Code – HT Script WordPress Plugin Missing Authorization Vulnerability

Vulnerability

A vulnerability exists in the Insert Headers and Footers Code – HT Script plugin for WordPress in all versions up to and including 1.1.2. The ajax_dismiss function performs no capability check before writing to the options table, so any authenticated user with Subscriber-level access or above can modify option values on the site without authorization. An attacker could set options that break site functionality, causing errors that deny access to legitimate users, or change specific settings such as those governing user registration.

Impact

Successful exploitation lets a low-privileged authenticated user modify WordPress option values without authorization, which can disrupt site functionality and deny access to legitimate users.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends a POST request to the site's AJAX endpoint (wp-admin/admin-ajax.php) that triggers the 'wp_ajax_htscript_notices' action; WordPress fires a wp_ajax_{action} hook for any logged-in user whose request carries the matching 'action' parameter, so reaching the handler requires nothing beyond a valid login session. The request must include a notice ID and may include parameters controlling how the notice is handled, such as whether it has already been dismissed or when it should expire. Because the 'ajax_dismiss' function never checks the caller's capabilities, the handler runs for this user and updates option values on the site.
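The pattern behind this class of bug, shown here as an added illustration and not as the plugin's own code: a notice-dismiss AJAX handler that writes options without checking the caller's capabilities, beside a hardened version of the same handler. Every identifier in it (the example_* function and hook names, the 'id', 'dismiss', 'expire' and 'nonce' request parameters, the option names, and the choice of 'manage_options' as the required capability) is an assumption made for the example.

```php
<?php
/**
 * Added example: a generic WordPress notice-dismiss AJAX handler.
 * Not the plugin's code; every identifier below is an assumption.
 */

// --- Vulnerable pattern -------------------------------------------------------
// wp_ajax_{action} fires for EVERY logged-in user, so hooking it is not an
// authorization check. A Subscriber reaches this handler by POSTing
// action=example_notices_vulnerable&id=... to wp-admin/admin-ajax.php.
add_action( 'wp_ajax_example_notices_vulnerable', 'example_ajax_dismiss_vulnerable' );

function example_ajax_dismiss_vulnerable() {
    $id      = isset( $_POST['id'] ) ? sanitize_text_field( wp_unslash( $_POST['id'] ) ) : '';
    $dismiss = isset( $_POST['dismiss'] ) ? (bool) $_POST['dismiss'] : true;
    $expire  = isset( $_POST['expire'] ) ? absint( $_POST['expire'] ) : 0;

    // Two defects: no current_user_can() check, and the option name comes
    // straight from the request. sanitize_text_field() leaves a string such as
    // 'users_can_register' untouched, so the caller chooses which option to write
    // and (through 'dismiss' / 'expire') influences the value stored in it.
    update_option( $id, array( 'dismissed' => $dismiss, 'expire' => $expire ) );
    wp_send_json_success();
}

// --- Hardened pattern ----------------------------------------------------------
add_action( 'wp_ajax_example_notices', 'example_ajax_dismiss_hardened' );

function example_ajax_dismiss_hardened() {
    // 1. CSRF: the dismiss button must carry a nonce created with
    //    wp_create_nonce( 'example_notices' ); check_ajax_referer() dies otherwise.
    check_ajax_referer( 'example_notices', 'nonce' );

    // 2. Authorization: changing a site-wide option is an administrator's decision.
    //    wp_send_json_error() ends the request, so nothing below runs for other users.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Allowlist: the request may pick a notice, never an option name.
    $known = array( 'welcome', 'rate_us', 'upgrade' );
    $id    = isset( $_POST['id'] ) ? sanitize_key( wp_unslash( $_POST['id'] ) ) : '';
    if ( ! in_array( $id, $known, true ) ) {
        wp_send_json_error( 'unknown notice', 400 );
    }

    // 4. Fixed prefix plus allowlisted id; the value is built server-side.
    $expire = isset( $_POST['expire'] ) ? absint( $_POST['expire'] ) : 0;
    update_option( 'example_notice_' . $id, array( 'dismissed' => true, 'expire' => $expire ), false );
    wp_send_json_success();
}
```

If a notice is meant to be dismissed per user rather than site-wide, the cleaner design is to store the dismissal in user meta for get_current_user_id() instead of in the options table; then a Subscriber can legitimately dismiss their own notice and no elevated capability is involved at all.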

Remediation

Users are advised to update the Insert Headers and Footers Code – HT Script plugin to version 1.1.3 or a newer patched version.
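For sites that cannot update immediately, an interim gate can be placed in front of the vulnerable action. The following must-use plugin is an added example, not code from the plugin or its vendor: it hooks the same 'wp_ajax_htscript_notices' action at an earlier priority than the plugin's own handler and ends the request unless the caller may manage options. It assumes the plugin registers ajax_dismiss at WordPress's default priority of 10, that dismissing these notices is an administrator task ('manage_options' is an assumed capability), and the file name and function name are likewise assumptions.

```php
<?php
/**
 * Plugin Name: Stopgap capability gate for htscript_notices (added example)
 * Description: Place in wp-content/mu-plugins/ until the plugin is updated to 1.1.3 or later.
 *
 * Assumptions: the vulnerable handler is attached to 'wp_ajax_htscript_notices' at the
 * default priority (10), and dismissing the notice is an administrator-only task.
 */

// Priority 1 runs before a priority-10 callback on the same hook. wp_send_json_error()
// calls wp_die(), so the plugin's ajax_dismiss never executes for a blocked request.
add_action( 'wp_ajax_htscript_notices', 'stopgap_gate_htscript_notices', 1 );

function stopgap_gate_htscript_notices() {
    if ( current_user_can( 'manage_options' ) ) {
        return; // administrators fall through to the plugin's handler as before
    }

    // Record the attempt: a Subscriber calling this action is worth investigating.
    $remote = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';
    error_log( sprintf(
        'htscript_notices blocked: user %d from %s',
        get_current_user_id(),
        $remote
    ) );

    wp_send_json_error( 'forbidden', 403 );
}
```

Before relying on the gate, confirm that the plugin's callback really sits at a priority greater than 1 (inspect $GLOBALS['wp_filter']['wp_ajax_htscript_notices'] on a staging copy); if it is registered earlier, the gate would run after the vulnerable code. The gate only blocks the request path, it does not remove the defect from the plugin files, so updating to 1.1.3 remains the fix and the mu-plugin should be deleted afterwards.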

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.