WowOptin WordPress Plugin Missing Authorization Vulnerability Allows Arbitrary Plugin Installation

A vulnerability exists in the WowOptin WordPress plugin, specifically in the Next-Gen Popup Maker feature, versions through 1.4.24. The issue arises from a lack of proper capability checks in the 'install_and_active_plugin' function, allowing authenticated users with Subscriber-level access and above to install and activate arbitrary plugins. This could lead to various security risks, including the potential for malicious plugins to be introduced and executed on the site.

Impact

Exploitation of this vulnerability could result in unauthorized users installing and activating plugins, which could be used to execute malicious actions or introduce harmful code to the WordPress site.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a POST request to the WordPress admin ajax endpoint. The request must include the 'install_plugin' parameter with the slug of the plugin to be installed, and the 'wpnonce' parameter to bypass the nonce verification. Once the request is processed, the specified plugin will be installed and activated on the site.

Remediation

Users are advised to update the WowOptin WordPress plugin to version 1.4.25 or later, where this vulnerability has been patched.