Group Chat & Video Chat by AtomChat Missing Authorization Vulnerability on WordPress

Vulnerability

A vulnerability exists in the Group Chat & Video Chat by AtomChat plugin for WordPress, in all versions through 1.1.7. The issue arises from missing capability checks in the 'atomchat_update_auth_ajax' and 'atomchat_update_layout_ajax' functions. This flaw allows authenticated attackers with Subscriber-level access and above to modify plugin options without authorization, including sensitive settings such as API keys, authentication keys, and layout configurations.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in critical plugin settings, potentially allowing for further exploitation or disruption of the WordPress site.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends a request to the WordPress site that invokes the 'atomchat_update_auth_ajax' or 'atomchat_update_layout_ajax' AJAX action. Such requests can be made through the WordPress admin interface; because the handlers perform no capability check, the request is accepted and the attacker can modify plugin options such as API keys and layout settings.

Remediation

Users are advised to update to the latest version of the Group Chat & Video Chat by AtomChat plugin, where this vulnerability has been patched. Those unable to update should review the affected AJAX handlers and add proper capability checks and nonce verification.
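As an added example (not code from the AtomChat plugin), the following hypothetical WordPress AJAX handler shows the remediation pattern described above: an unchecked handler that writes an option, beside a hardened version that verifies a nonce and the manage_options capability before calling update_option(). All function, action and option names are placeholders.

```php
<?php
// Added example, not code from the AtomChat plugin. It shows the pattern the remediation
// section describes: a WordPress AJAX handler that writes plugin options must verify a
// nonce and a capability before calling update_option(). The function, action and option
// names below are hypothetical placeholders.

// Hypothetical handler WITHOUT the checks: any logged-in user whose request reaches the
// wp_ajax_ hook (Subscriber and above) can overwrite the option.
function example_update_auth_ajax_unchecked() {
    $api_key = isset( $_POST['api_key'] ) ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) ) : '';
    update_option( 'example_chat_api_key', $api_key );
    wp_send_json_success();
}

// Hardened form: fail closed unless the request carries a valid nonce for this action
// and the caller holds a capability that only administrators have by default.
function example_update_auth_ajax() {
    // Stops the request with a 403 when the nonce is missing or invalid.
    check_ajax_referer( 'example_chat_settings', 'nonce' );

    // Changing settings requires manage_options, not merely being logged in.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $api_key = isset( $_POST['api_key'] ) ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) ) : '';
    if ( '' === $api_key ) {
        wp_send_json_error( array( 'message' => 'api_key is required.' ), 400 );
    }

    update_option( 'example_chat_api_key', $api_key );
    wp_send_json_success();
}

// Register only the logged-in hook; there is no wp_ajax_nopriv_ variant because
// anonymous visitors never have a legitimate reason to change settings.
add_action( 'wp_ajax_example_update_auth', 'example_update_auth_ajax' );

// The admin page that sends the request must embed a matching nonce, for example:
// wp_localize_script( 'example-chat-admin', 'exampleChat', array(
//     'nonce' => wp_create_nonce( 'example_chat_settings' ),
// ) );
```

The nonce guards against cross-site request forgery only; the current_user_can() check is what closes the missing-authorization flaw, so both are needed.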

Added: Mar 21, 2026, 4:53 AM
Updated: Mar 21, 2026, 4:53 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 4.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.