Post Carousel Slider for Elementor Missing Authorization Vulnerability
Vulnerability
A vulnerability exists in the Post Carousel Slider for Elementor WordPress plugin, in versions through 1.6.0, due to improper authorization. The process_wbelps_promo_form() function lacks a necessary capability check, allowing authenticated attackers with Subscriber-level access and above to misuse the plugin's support form handler. Exploiting this lets such users send arbitrary emails to the site's support address.
Impact
Exploitation of this vulnerability allows for unauthorized email sending from the affected site to the specified support address, potentially leading to misuse of the support channel or disruption of normal support operations.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the 'process_wbelps_promo_form' action via the WordPress admin AJAX endpoint. The request must include the 'post_name', 'post_email', 'post_subject', 'post_message', and 'post_plugin_name' fields. Because the 'process_wbelps_promo_form' function performs no capability check, the email is sent without proper authorization.
Remediation
Users are advised to update the Post Carousel Slider for Elementor plugin to version 1.7.0 or later.
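The following is an added illustration of the fix class described above (a capability check in front of a wp_ajax_ handler); it is not the plugin's source. The nonce action name, the required capability ('manage_options'), the recipient address and the response messages are assumptions chosen for the example.

```php
<?php
// Illustrative reconstruction of the vulnerable pattern, not the plugin's code.
// Any logged-in user can reach a wp_ajax_ callback, so authentication alone is
// not authorization: without a capability check a Subscriber can trigger wp_mail().
function process_wbelps_promo_form_unchecked() {
    $subject = isset( $_POST['post_subject'] ) ? $_POST['post_subject'] : '';
    $message = isset( $_POST['post_message'] ) ? $_POST['post_message'] : '';
    wp_mail( 'support@example.invalid', $subject, $message ); // placeholder address
    wp_die();
}

// Hardened handler: verify a nonce and a capability before doing any work,
// then sanitize every field that reaches the outgoing e-mail.
add_action( 'wp_ajax_process_wbelps_promo_form', 'process_wbelps_promo_form_hardened' );
function process_wbelps_promo_form_hardened() {
    // Nonce ties the request to a form rendered for this user (CSRF defence).
    // Action and field names are assumptions for this example.
    check_ajax_referer( 'wbelps_promo_form', 'nonce' );

    // Capability check: the missing control in the advisory. 'manage_options'
    // is an assumed choice; pick the least privilege the feature actually needs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Sanitize the five fields named in the advisory.
    $name    = sanitize_text_field( wp_unslash( $_POST['post_name'] ?? '' ) );
    $email   = sanitize_email( wp_unslash( $_POST['post_email'] ?? '' ) );
    $subject = sanitize_text_field( wp_unslash( $_POST['post_subject'] ?? '' ) );
    $message = sanitize_textarea_field( wp_unslash( $_POST['post_message'] ?? '' ) );
    $plugin  = sanitize_text_field( wp_unslash( $_POST['post_plugin_name'] ?? '' ) );

    if ( ! is_email( $email ) || '' === $subject || '' === $message ) {
        wp_send_json_error( array( 'message' => 'Invalid form data.' ), 400 );
    }

    // Keep the sender in the body rather than in headers to avoid header injection.
    $body = sprintf( "From: %s <%s>\nPlugin: %s\n\n%s", $name, $email, $plugin, $message );
    $sent = wp_mail( 'support@example.invalid', $subject, $body ); // placeholder address

    if ( $sent ) {
        wp_send_json_success( array( 'message' => 'Message sent.' ) );
    }
    wp_send_json_error( array( 'message' => 'Mail could not be sent.' ), 500 );
}
```

wp_send_json_error() and wp_send_json_success() terminate the request, so no explicit wp_die() is needed after them.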