LWSCache WordPress Plugin Improper Authorization Vulnerability Allowing Unauthorized Plugin Activation

Vulnerability

The LWSCache WordPress plugin, in all versions up to and including 2.8.5, contains an improper authorization flaw in the lwscache_activatePlugin() function. The function does not properly verify that the caller is permitted to activate plugins, so any authenticated user with Subscriber-level access or higher can activate any LWS plugin on the plugin's whitelist. This lets a low-privileged account make changes to the site that WordPress normally reserves for administrators.

Impact

Exploitation allows a low-privileged user to activate whitelisted LWS plugins that the site owner left installed but inactive. Activating a plugin exposes its code paths (hooks, AJAX handlers, REST routes, settings pages) to every user of the site, so any weakness in one of those plugins becomes reachable, and the site's behaviour can change without administrator involvement.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends an AJAX request to WordPress's standard AJAX endpoint (wp-admin/admin-ajax.php) with the action set to 'lwscache_activatePlugin'. The request must include the 'ajax_slug' parameter, carrying the slug of the LWS plugin to activate. Because the 'lwscache_activatePlugin' handler does not check the caller's capabilities before acting on the request, the activation succeeds even though the caller lacks the permissions WordPress would otherwise require.
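The following PHP is an added illustration of the handler pattern the advisory describes and of the check that closes the hole. It is not the LWSCache plugin's own code: the handler registration on the wp_ajax_lwscache_activatePlugin hook and the 'ajax_slug' parameter follow the advisory, while the whitelist contents, the slug-to-file mapping, and the nonce action name are assumptions made for the example.

```php
<?php
/*
 * Illustrative reconstruction (not the plugin's actual source).
 * Assumptions: the handler is hooked on wp_ajax_lwscache_activatePlugin,
 * reads the target slug from $_POST['ajax_slug'], and activates only
 * slugs on an internal whitelist. Whitelist entries are placeholders.
 *
 * A request of the shape the advisory describes looks like:
 *   POST /wp-admin/admin-ajax.php
 *   action=lwscache_activatePlugin&ajax_slug=<whitelisted-slug>
 * sent with the session cookie of any logged-in user.
 */

// Hypothetical whitelist of plugin slugs the handler may activate.
$lwscache_whitelist = array(
    'example-lws-plugin-a',
    'example-lws-plugin-b',
);

/*
 * VULNERABLE PATTERN. wp_ajax_* hooks fire for every authenticated
 * request to admin-ajax.php, regardless of role. The whitelist limits
 * *what* can be activated but never asks *who* is asking, so a
 * Subscriber reaches activate_plugin().
 */
function lwscache_activatePlugin_vulnerable() {
    global $lwscache_whitelist;
    $slug = isset( $_POST['ajax_slug'] )
        ? sanitize_text_field( wp_unslash( $_POST['ajax_slug'] ) )
        : '';
    if ( ! in_array( $slug, $lwscache_whitelist, true ) ) {
        wp_send_json_error( 'not whitelisted' );
    }
    // Assumed mapping from slug to main plugin file.
    $result = activate_plugin( $slug . '/' . $slug . '.php' );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message() );
    }
    wp_send_json_success( 'activated' );
}

/*
 * HARDENED PATTERN. Two independent checks run before any input is used:
 *  1. a nonce bound to the admin page that issues the request (CSRF
 *     protection; it does NOT establish authorization on its own), and
 *  2. the capability WordPress itself requires to activate plugins.
 * The whitelist check stays, but it is no longer the only gate.
 */
function lwscache_activatePlugin_hardened() {
    global $lwscache_whitelist;
    // Assumed nonce action name and POST field name.
    check_ajax_referer( 'lwscache_activate_plugin', 'nonce' );
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    $slug = isset( $_POST['ajax_slug'] )
        ? sanitize_text_field( wp_unslash( $_POST['ajax_slug'] ) )
        : '';
    if ( ! in_array( $slug, $lwscache_whitelist, true ) ) {
        wp_send_json_error( 'not whitelisted', 400 );
    }
    $result = activate_plugin( $slug . '/' . $slug . '.php' );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( 'activated' );
}

add_action( 'wp_ajax_lwscache_activatePlugin', 'lwscache_activatePlugin_hardened' );
```

When auditing a plugin for this class of bug, look for every wp_ajax_ (and especially wp_ajax_nopriv_) callback that ends in a state-changing call such as activate_plugin(), update_option() or file writes, and confirm that a current_user_can() check for the relevant capability precedes it; a check_ajax_referer() call alone is not sufficient, because any logged-in user can obtain a nonce for a page they are allowed to view.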

Remediation

Users are advised to update the LWSCache plugin to version 2.9 or later, where this vulnerability has been patched.

Added: Aug 29, 2025, 5:20 AM
Updated: Aug 29, 2025, 5:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.