WordPress REST API Custom Import Export Plugin Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the WordPress plugin 'REST API | Custom API Generator For Cross Platform And Import Export In WP', affecting versions 1.0.0 prior to 2.0.3. The vulnerability arises from a missing capability check in the 'process_handler()' function, allowing unauthenticated attackers to POST arbitrary 'import_api' URLs, import specially crafted JSON, and create new users with full Administrator privileges.
Impact
Exploitation of this vulnerability allows unauthorized users to gain administrative privileges on the WordPress site by creating new admin accounts.
Reproduction
To reproduce this vulnerability, send a POST request to the WordPress site's REST API with an 'import_api' parameter. Include a crafted JSON payload that, when imported, creates a new user with Administrator rights. The request can be made without authentication, exploiting the lack of a capability check in the 'process_handler()' function.
Remediation
No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.
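Uninstalling the plugin does not remove accounts that were already created through it, so the administrator list should be reviewed as well. The following is an added example, not part of the original advisory: it audits a CSV export produced by WP-CLI (`wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=csv`). The sample rows, the approved-login list and the plugin install date are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample of the WP-CLI CSV export (not real accounts).
SAMPLE_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-14 09:12:44
7,editor-in-chief,eic@example.com,2022-11-02 16:40:03
19,wpsupport_x,tmp@example.net,2025-06-03 02:17:55
"""


def audit_admins(csv_text, approved_logins, plugin_installed_at):
    """Return [(login, [reasons])] for administrator accounts that need review.

    approved_logins: logins the site owner knows to be legitimate admins.
    plugin_installed_at: datetime from which the affected plugin was active
    (assumed to be known from deployment records).
    """
    approved = {name.lower() for name in approved_logins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        reasons = []
        if login.lower() not in approved:
            reasons.append("not on approved administrator list")
        try:
            registered = datetime.strptime(
                row["user_registered"].strip(), "%Y-%m-%d %H:%M:%S"
            )
        except ValueError:
            # e.g. "0000-00-00 00:00:00": cannot be placed in time, review it.
            reasons.append("unparseable registration date")
        else:
            if registered >= plugin_installed_at:
                reasons.append("registered while affected plugin was installed")
        if reasons:
            findings.append((login, reasons))
    return findings


if __name__ == "__main__":
    installed = datetime(2025, 1, 1)  # constructed install date
    for login, reasons in audit_admins(
        SAMPLE_CSV, ["siteowner", "editor-in-chief"], installed
    ):
        print(f"REVIEW {login}: {'; '.join(reasons)}")
```

Any account flagged for both reasons is the strongest candidate for removal and for a follow-up review of what it did while active.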
