WordPress Simple Shopping Cart Plugin Insecure Direct Object Reference Vulnerability

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in the WordPress Simple Shopping Cart plugin, affecting all versions prior to and including 5.1.3. The vulnerability arises from the absence of proper randomization for a user-controlled key, enabling unauthenticated attackers to access and manipulate customer shopping carts. Exploitation of this vulnerability allows for editing product links, adding or deleting products, and discovering coupon codes.

Impact

Exploitation of this vulnerability allows unauthorized users to access and modify customer shopping carts, including adding or removing products and accessing coupon codes.

Reproduction

The vulnerability can be reproduced by sending a request to the WordPress site with a cart ID that corresponds to an existing cart. This can be done by manually crafting a request that includes the cart ID in the URL or through a form that submits the cart ID. Once the request is received, the server-side code will process the cart ID and retrieve the associated cart data, which can then be manipulated.

Remediation

Users are advised to update the WordPress Simple Shopping Cart plugin to the latest version.