LeadConnector WordPress Plugin Unauthenticated REST Call Vulnerability
Vulnerability
A vulnerability exists in the LeadConnector WordPress plugin in versions prior to 3.0.22, where a REST route lacks proper authorization. This flaw allows unauthenticated users to access the route and overwrite existing data. Exploitation involves sending a POST request to the vulnerable REST endpoint with custom values, which are then saved to the database, effectively allowing unauthorized data manipulation.
Impact
Exploitation of this vulnerability could lead to unauthorized data modification within the WordPress database, specifically overwriting existing custom values.
Reproduction
To reproduce this vulnerability, send a POST request to the REST endpoint 'wp-json/lc_internal_api/v1/save_custom_values' without authentication. Include a JSON payload with the 'custom_values' key, specifying the 'fieldKey' and 'id' of the value to be overwritten. After the request is processed, verify the database to confirm that the specified value has been successfully updated or created.
Remediation
Users are advised to update the LeadConnector WordPress plugin to version 3.0.22 or later.
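Sites that ran a version prior to 3.0.22 can review web server access logs for POST requests to the route named above. The following is an added example, not part of the original advisory or the plugin's code. It assumes combined-format access logs and the default `/wp-json/` REST prefix, also matches the `?rest_route=` query form that WordPress accepts, and uses constructed sample log lines.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/lc_internal_api/v1/save_custom_values"  # route named in the advisory

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-json/lc_internal_api/v1/save_custom_values HTTP/1.1" 200 57 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "POST /index.php?rest_route=%2Flc_internal_api%2Fv1%2Fsave_custom_values HTTP/1.1" 200 57 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /wp-json/lc_internal_api/v1/save_custom_values HTTP/1.1" 404 120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2024:10:03:00 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 201 300 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [12/Mar/2024:10:04:00 +0000] "POST /blog/wp-json/LC_internal_api/v1/save_custom_values/ HTTP/1.1" 401 80 "-" "python-requests/2.31"',
]

def rest_route_of(target):
    """Return the normalized REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = re.sub(r"/{2,}", "/", unquote(parts.path))  # decode, collapse '//'
    idx = path.find("/wp-json/")  # assumed default prefix; sites can change it
    if idx != -1:
        route = path[idx + len("/wp-json/"):]
    else:
        values = parse_qs(parts.query).get("rest_route")  # non-pretty permalink form
        if not values:
            return None
        route = values[0]
    # Compare case-insensitively and ignore leading/trailing slashes.
    return "/" + route.strip("/").lower()

def find_hits(lines):
    """Return one record per POST request that targets ROUTE."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if rest_route_of(m["target"]) == ROUTE:
            hits.append({"ip": m["ip"], "time": m["time"], "status": int(m["status"])})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Access logs record neither the request body nor whether the caller was authenticated, so each hit is a lead for checking the stored custom values rather than proof of tampering.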
