Link Whisper WordPress Plugin Unauthenticated Settings Update Vulnerability

Vulnerability

A vulnerability exists in the Link Whisper Free WordPress plugin in versions prior to 0.9.1. The issue arises from a publicly accessible REST endpoint that allows unauthenticated users to update plugin settings. Exploitation of this vulnerability can lead to unauthorized modifications of user meta data and plugin options.

Impact

Exploitation of this vulnerability allows for unauthorized updates to plugin settings and user meta data, potentially leading to further exploitation or misuse of the affected WordPress site.

Reproduction

To reproduce this vulnerability, send a POST request to the '/wp-json/link-whisper/ai-auth' endpoint. Include the 'access_token' parameter with a value of 'ai-malicious123', the 'user_id' parameter set to the ID of a user under the attacker's control, and the 'uemail' parameter set to an email address under the attacker's control. The request should be sent with the 'Content-Type' header set to 'application/x-www-form-urlencoded'. Upon successful exploitation, the response will be 'ok', and the specified user meta and option values will be created or modified.

Remediation

Users are advised to update the Link Whisper Free WordPress plugin to version 0.9.1 or later.
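The root cause the advisory describes, a REST route that writes settings without any authentication check, is contrasted below with the hardened form. This is added example code, not the Link Whisper plugin's own source; the namespace, route paths, callback names and option/meta keys are hypothetical, while the WordPress functions are real.

```php
// Added example, not Link Whisper's code: hypothetical namespace, routes and keys.
// It contrasts an unauthenticated settings endpoint with a hardened one.

// Vulnerable pattern: permission_callback admits every caller, so an
// unauthenticated POST can write user meta and plugin options.
add_action('rest_api_init', function () {
    register_rest_route('example-plugin/v1', '/settings', [
        'methods'             => 'POST',
        'callback'            => 'example_update_settings',
        'permission_callback' => '__return_true', // no authentication or capability check
    ]);
});

function example_update_settings(WP_REST_Request $request) {
    // Trusts a caller-supplied user_id, so any user's meta can be overwritten.
    update_user_meta((int) $request['user_id'], 'example_ai_email', $request['uemail']);
    update_option('example_ai_access_token', $request['access_token']);
    return 'ok';
}

// Hardened pattern: require an administrator capability, validate and sanitize
// the parameters, and act only on the authenticated user.
add_action('rest_api_init', function () {
    register_rest_route('example-plugin/v1', '/settings-secure', [
        'methods'             => 'POST',
        'callback'            => 'example_update_settings_secure',
        'permission_callback' => function () {
            return current_user_can('manage_options');
        },
        'args' => [
            'access_token' => [
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
            ],
            'uemail' => [
                'required'          => true,
                'validate_callback' => function ($v) { return is_email($v) !== false; },
                'sanitize_callback' => 'sanitize_email',
            ],
        ],
    ]);
});

function example_update_settings_secure(WP_REST_Request $request) {
    $user_id = get_current_user_id(); // never take user_id from the request body
    update_user_meta($user_id, 'example_ai_email', $request['uemail']);
    update_option('example_ai_access_token', $request['access_token']);
    return new WP_REST_Response(['status' => 'ok'], 200);
}
```

With the hardened route, an unauthenticated request receives a 401 from the REST API before the callback runs; a logged-in caller must also present a valid REST nonce (or application password) for current_user_can() to see their capabilities.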

Added: Apr 7, 2026, 7:36 AM
Updated: Apr 7, 2026, 7:36 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 5.4
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.