Xelion Webchat WordPress Plugin Privilege Escalation Vulnerability
Vulnerability
A vulnerability in the Xelion Webchat plugin for WordPress, present in versions up to and including 9.1.0, allows authenticated users with Subscriber-level access and above to modify arbitrary site options because the settings handler performs no capability check. This unauthorized data manipulation can lead to privilege escalation: an attacker can change the default role assigned to new registrations to administrator, then register a new account and obtain administrative access on the affected WordPress site.
Impact
Exploitation of this vulnerability could result in unauthorized administrative access to a WordPress site, allowing an attacker to manage site settings, users, and content with full privileges. On a single-site WordPress install an administrator can also install plugins and edit theme files, so administrative access generally translates into arbitrary PHP execution on the web server.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends a request to the plugin's 'xwc_save_settings' AJAX endpoint (WordPress dispatches such handlers through /wp-admin/admin-ajax.php with the action name as a parameter; handlers registered on the wp_ajax_ hook run for any logged-in user). The request includes a payload that specifies the option names and values to be updated. Since the handler lacks an authorization check such as current_user_can('manage_options') and does not restrict which options may be written, the specified options are modified accordingly. The attacker can set the WordPress 'default_role' option to 'administrator' and, if open registration is disabled, also set 'users_can_register' (both are ordinary site options, so the same write path reaches them), then register a new account that is created with administrator privileges. A quick check for tampering is to confirm that 'default_role' is still 'subscriber' and that 'users_can_register' matches the intended setting, for example with WP-CLI: wp option get default_role.
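The following is an added example, not code from the Xelion Webchat plugin: it shows the class of bug the advisory describes, an admin-ajax settings handler that writes whatever option names it is sent with no capability check, next to a hardened version. The hook names, function names, option names and the 'settings' request parameter are hypothetical; only the WordPress API calls are real.

```php
<?php
// Added example, not the plugin's code. Hook, function, option and parameter
// names are hypothetical; the WordPress functions are real.

// --- Vulnerable pattern -------------------------------------------------------
// wp_ajax_* hooks run for any logged-in user, so a Subscriber can reach this
// handler by POSTing to /wp-admin/admin-ajax.php?action=example_save_settings
// with e.g. settings[default_role]=administrator&settings[users_can_register]=1.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_vulnerable' );
function example_save_settings_vulnerable() {
    // No nonce check, no current_user_can(), and the caller chooses the option
    // names, so any site option can be overwritten.
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    foreach ( $settings as $name => $value ) {
        update_option( $name, $value );
    }
    wp_send_json_success();
}

// --- Hardened pattern ---------------------------------------------------------
add_action( 'wp_ajax_example_save_settings_fixed', 'example_save_settings_fixed' );
function example_save_settings_fixed() {
    // 1. CSRF: the request must carry a nonce minted for this specific action.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 2. Authorization: only users allowed to manage options reach the write path.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Allowlist: iterate over the plugin's own options, never over the
    //    caller-supplied keys, and sanitize each value for its expected type.
    $allowed = array(
        'example_webchat_enabled' => 'rest_sanitize_boolean',
        'example_webchat_tenant'  => 'sanitize_text_field',
    );
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    foreach ( $allowed as $name => $sanitizer ) {
        if ( array_key_exists( $name, $settings ) ) {
            $value = call_user_func( $sanitizer, wp_unslash( $settings[ $name ] ) );
            update_option( $name, $value );
        }
    }
    wp_send_json_success();
}
```

The capability check alone closes the privilege-escalation path; the nonce and the allowlist are what keep a future administrator-only handler from being turned into a CSRF or option-overwrite primitive. When reviewing a plugin for this bug class, look for update_option() calls whose first argument comes from request data inside any wp_ajax_ or REST callback.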
Remediation
Users are advised to update the Xelion Webchat plugin to version 9.2.0 or later. After updating, review the site for signs of prior exploitation: confirm that the 'default_role' and 'users_can_register' options hold their intended values, audit the list of administrator accounts for unexpected users, and check for plugins or theme modifications that were not installed by the site owners.
