LatePoint WordPress Plugin Cross-Site Request Forgery Vulnerability Allowing Account Takeover

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the LatePoint WordPress plugin, affecting all versions through 5.1.94. The root cause is missing or inadequate nonce validation in the 'change_password()' function reached through the 'customer_cabinet__change_password' AJAX route: the handler accepts a password change on the strength of the victim's session cookies alone, without a token proving the request originated from the plugin's own form. An unauthenticated attacker who can get a logged-in customer or administrator to click a malicious link (or otherwise load attacker-controlled content) can therefore have the victim's browser submit a forged password-change request, resulting in an unauthorized password change and takeover of the victim's account.

Impact

Successful exploitation lets an attacker set the victim's password to a value of the attacker's choosing, using the victim's own authenticated session. The attacker can then log in as that user directly. Because the affected route is reachable by logged-in customers and administrators alike, the outcome ranges from takeover of an individual customer account to takeover of an administrator account.

Reproduction

To reproduce this vulnerability, an attacker prepares a link or web page that causes the victim's browser to send a request to the 'customer_cabinet__change_password' AJAX route carrying an attacker-chosen new password, then induces a logged-in user (a customer or an administrator) to click or visit it. The browser attaches the victim's session cookies automatically, and because the handler does not require a valid nonce, the request is accepted as if the victim had submitted the plugin's own change-password form. The attacker needs no account on the site; the only precondition is that the victim is authenticated when the forged request is sent.
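The following is an added example, not LatePoint's code, written to show the class of defect described above and the standard WordPress fix for it. A minimal AJAX "change password" handler is shown first without any nonce check (the CSRF-exposed shape), then hardened with check_ajax_referer() and a current-password re-check. The action name 'example_change_password', the parameter names '_wpnonce', 'current_password' and 'new_password', and the function names are assumptions chosen for the example and do not correspond to LatePoint's real route, parameters or internals.

```php
<?php
// Illustrative example for this advisory, NOT LatePoint's code. Action,
// parameter and function names below are assumptions for the example.

// --- VULNERABLE: no nonce check. Any page the victim visits while logged in
// can make the browser POST here with the victim's session cookie, and the
// password is replaced with whatever the forged request contains.
function example_change_password_vulnerable() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    $new_password = (string) wp_unslash( $_POST['new_password'] ?? '' );
    wp_set_password( $new_password, get_current_user_id() );
    wp_send_json_success( 'password changed' );
}

// --- HARDENED: verify a nonce bound to this action and the current user's
// session, and require the current password so that a forged request fails
// even if a nonce value were ever leaked.
function example_change_password_hardened() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    // check_ajax_referer() looks up $_REQUEST['_wpnonce'] and validates it
    // against the action string. With $die = false it returns false instead of
    // terminating, so the handler can answer with a proper JSON error.
    if ( ! check_ajax_referer( 'example_change_password', '_wpnonce', false ) ) {
        wp_send_json_error( 'invalid or missing nonce', 403 );
    }

    $user    = wp_get_current_user();
    $current = (string) wp_unslash( $_POST['current_password'] ?? '' );
    $new     = (string) wp_unslash( $_POST['new_password'] ?? '' );

    // Re-authenticate: a CSRF attacker does not know the victim's current password,
    // so this check defeats the attack independently of the nonce.
    if ( ! wp_check_password( $current, $user->user_pass, $user->ID ) ) {
        wp_send_json_error( 'current password incorrect', 403 );
    }
    if ( strlen( $new ) < 12 ) {
        wp_send_json_error( 'new password too short', 400 );
    }

    wp_set_password( $new, $user->ID );
    wp_send_json_success( 'password changed' );
}

// Register only the hardened handler, and only for logged-in users: there is
// deliberately no wp_ajax_nopriv_ hook, since an anonymous caller has no
// password to change.
add_action( 'wp_ajax_example_change_password', 'example_change_password_hardened' );

// The legitimate form must carry a matching nonce. wp_nonce_field() emits
// <input type="hidden" name="_wpnonce" value="..."> for the same action string,
// which is what check_ajax_referer() above verifies.
function example_change_password_form_fields() {
    wp_nonce_field( 'example_change_password', '_wpnonce' );
    echo '<input type="password" name="current_password">';
    echo '<input type="password" name="new_password">';
}
```

Two points are worth keeping in mind when reviewing a fix of this kind. First, a WordPress nonce is tied to the user's session and an action string and stays valid for up to 24 hours, so it is a CSRF token rather than a one-time secret; it must therefore never be exposed to other origins. Second, the nonce check alone only proves the request came from the plugin's own page; requiring the current password (or an equivalent re-authentication step) is the control that makes a password-change route robust even when the nonce layer is bypassed.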

Remediation

Users are advised to update the LatePoint WordPress plugin to version 5.2.0 or later, where the missing nonce validation has been corrected. Every installed version through 5.1.94 should be treated as vulnerable.

Added: Sep 30, 2025, 12:02 PM
Updated: Sep 30, 2025, 12:02 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 7.2
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.