WP Statistics WordPress Plugin Missing Authorization Vulnerability Allows Arbitrary Settings Update
Vulnerability
A vulnerability exists in the WP Statistics WordPress plugin in all versions up to and including 14.13.3. The issue arises from a missing capability check in the 'optionUpdater' function, which allows authenticated attackers with Subscriber-level access or higher to modify arbitrary plugin settings. The impact of this unauthorized data modification depends on which settings are changed.
Impact
Exploitation of this vulnerability could result in unauthorized changes to the WordPress site's analytics settings, potentially allowing attackers to manipulate how visitor data is collected or reported.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send an AJAX request to the 'optionUpdater' endpoint. This request must include the 'option' and 'value' parameters, specifying which plugin setting to update and the new value to apply. The absence of a proper capability check allows the user to modify settings without authorization.
Remediation
Users are advised to update the WP Statistics plugin to version 14.13.4 or later, where this vulnerability has been patched.
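As an added illustration of the fix class described above (this is not WP Statistics' own code), the handler below shows the checks an AJAX settings-update endpoint of this kind needs: a capability check, a nonce check, and an allowlist of option names with per-option sanitizers. The hook name, function names and option names are assumptions for the example.

```php
<?php
// Added example, not the plugin's code: an option-update AJAX handler that
// enforces a capability check, a nonce, and an allowlist of option names.
// Hook, function and option names are hypothetical.

add_action( 'wp_ajax_example_option_updater', 'example_option_updater' );

function example_option_updater() {
    // 1. Capability check: the check missing in the advisory above.
    //    Without it, any logged-in user (Subscriber and up) reaches this code.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 2. Nonce check: blocks cross-site request forgery against administrators.
    check_ajax_referer( 'example_option_updater', 'nonce' );

    // 3. Allowlist: only settings meant to be editable through this endpoint,
    //    each paired with a sanitizer, so 'option' cannot name arbitrary settings.
    $allowed = array(
        'example_track_logged_in' => 'rest_sanitize_boolean',
        'example_retention_days'  => 'absint',
    );

    $option = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! array_key_exists( $option, $allowed ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option.' ), 400 );
    }

    // 4. Sanitize the value with the sanitizer registered for this option.
    $raw   = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    $value = call_user_func( $allowed[ $option ], $raw );

    update_option( $option, $value );
    wp_send_json_success( array( 'option' => $option, 'value' => $value ) );
}
```

A request that fails step 1 is rejected with HTTP 403 before any setting is read or written, which is the behaviour the missing check should have provided.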