Document Embedder WordPress Plugin Insecure Direct Object Reference Vulnerability Allowing Unauthorized Deletion of Document Library Entries
Vulnerability
A vulnerability exists in the Document Embedder WordPress plugin, specifically in versions up to and including 2.0.4. The issue is an Insecure Direct Object Reference (IDOR), where the plugin fails to properly verify user permissions for accessing resources through several AJAX actions. This flaw enables authenticated users with Author-level access and above to read, modify, and delete Document Library entries created by other users, including administrators, by manipulating the 'id' parameter.
Impact
Exploitation of this vulnerability allows for unauthorized deletion of Document Library entries, potentially including those belonging to administrators.
Reproduction
To reproduce this vulnerability, an authenticated user with Author-level access or higher can send a request to the 'bplde_delete_document_library' AJAX action. The request must include the 'id' parameter, which can be used to specify a Document Library entry created by another user. The absence of proper permission checks allows the attacker to delete the specified entry, regardless of its ownership.
Remediation
Users are advised to update the Document Embedder WordPress plugin to version 2.0.5 or a newer patched version.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.