Blaze Demo Importer WordPress Plugin Missing Authorization Vulnerability in Versions Through 1.0.12

Vulnerability

A vulnerability exists in the Blaze Demo Importer plugin for WordPress, specifically in versions through 1.0.12. The issue arises from a lack of proper capability checks in the 'blaze_demo_importer_install_plugin' function. This flaw allows authenticated attackers with Subscriber-level access and above to install and activate a limited selection of specific plugins. To exploit this vulnerability, the News Kit Elementor Addons plugin and a BlazeThemes theme must be installed and activated.

Impact

Exploitation of this vulnerability allows for unauthorized installation and activation of certain plugins, which could lead to further vulnerabilities or issues on the affected WordPress site.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the 'blaze_demo_importer_install_plugin' AJAX action. This request can include the demo slug, along with any required plugins or files. If the News Kit Elementor Addons plugin and a BlazeThemes theme are active, the specified plugins will be installed and activated, bypassing normal authorization checks.

Remediation

Users are advised to update the Blaze Demo Importer plugin to version 1.0.13 or later.
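As an added illustration of the missing authorization described above (example code, not the plugin's own; the helper and nonce names are assumed), a weak AJAX handler with no capability check is shown beside a hardened version that verifies the nonce, requires the install_plugins and activate_plugins capabilities, and accepts only slugs from a fixed allow-list:

```php
<?php
// Illustrative reconstruction, not the Blaze Demo Importer source. Helper and
// nonce names (example_*) are assumed for the example.

// WEAK: wp_ajax_* hooks only require that the caller is logged in. With no
// capability check, any Subscriber can trigger plugin installation.
function example_install_plugin_weak() {
    $slug = isset( $_POST['plugin_slug'] ) ? sanitize_key( $_POST['plugin_slug'] ) : '';
    example_do_install_and_activate( $slug ); // assumed helper wrapping Plugin_Upgrader
    wp_send_json_success();
}

// Assumed: the importer's fixed list of plugins it is allowed to install.
function example_required_plugin_slugs() {
    return array( 'news-kit-elementor-addons', 'elementor' ); // constructed sample
}

// HARDENED: nonce + the same capabilities WordPress core requires for the
// operation + allow-list validation of the requested slug.
function example_install_plugin_hardened() {
    // Rejects the request (wp_die) if the nonce is missing or invalid.
    check_ajax_referer( 'example_demo_importer', 'nonce' );

    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        // wp_send_json_error() ends execution, so no explicit return is needed.
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $slug = isset( $_POST['plugin_slug'] ) ? sanitize_key( $_POST['plugin_slug'] ) : '';
    if ( ! in_array( $slug, example_required_plugin_slugs(), true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not permitted.' ), 400 );
    }

    example_do_install_and_activate( $slug ); // assumed helper
    wp_send_json_success();
}

// Register only the hardened handler on the action named in the advisory.
add_action( 'wp_ajax_blaze_demo_importer_install_plugin', 'example_install_plugin_hardened' );
```

When reviewing a site for this issue, the capability check (not the nonce alone) is what prevents low-privilege users from reaching the installer, since nonces are issued to any logged-in user.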

Added: Sep 16, 2025, 5:18 PM
Updated: Sep 16, 2025, 5:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.