WowRevenue WordPress Plugin Missing Authorization Vulnerability Allows Arbitrary Plugin Installation

Vulnerability

A vulnerability exists in the WowRevenue plugin for WordPress in all versions up to and including 2.1.3. The issue arises from a missing capability check in the 'Notice::install_activate_plugin' function: the handler verifies that the requester is logged in, but not that the account holds a role permitted to install plugins. This flaw enables authenticated attackers with subscriber-level access or higher to install arbitrary plugins on the affected site's server, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability could allow for unauthorized installation and activation of plugins, which could be used to execute malicious code on the server.

Reproduction

To reproduce this vulnerability, an authenticated user with subscriber-level access can send a POST request to the WordPress admin ajax endpoint. The request must include the 'install_plugin' parameter with the slug of the plugin to be installed. This can be done manually or through a script that automates the process.

Remediation

Users are advised to update the WowRevenue plugin to version 2.1.4 or later.
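The hardened shape such an admin-ajax handler should take, added here as an illustration and not WowRevenue's own code: a nonce check for CSRF, the capability check that was missing, slug validation, and an allow-list so the handler cannot be turned into a general-purpose plugin installer. The hook name, nonce action and allow-list contents are hypothetical; WordPress core is assumed to be loaded.

```php
<?php
// Added illustrative example, not WowRevenue's code. Hook name, nonce action
// and allow-list contents are hypothetical; assumes WordPress core is loaded.
add_action( 'wp_ajax_example_install_plugin', 'example_install_plugin_handler' );
function example_install_plugin_handler() {
    // Nonce check: binds the request to a page this user actually loaded (CSRF).
    check_ajax_referer( 'example_install_plugin', 'nonce' );

    // Capability check: the control missing from the vulnerable code path.
    // Being logged in (any role, e.g. subscriber) is not authorization;
    // only roles holding install_plugins/activate_plugins may proceed.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Input validation: accept only a WordPress.org-style slug.
    $slug = isset( $_POST['install_plugin'] ) ? sanitize_key( wp_unslash( $_POST['install_plugin'] ) ) : '';
    if ( ! preg_match( '/^[a-z0-9-]{1,100}$/', $slug ) ) {
        wp_send_json_error( array( 'message' => 'Invalid plugin slug.' ), 400 );
    }

    // Allow-list: a helper that installs companion plugins should install only
    // the ones it ships support for, never an arbitrary slug from the request.
    $allowed = array( 'example-companion-plugin' ); // hypothetical
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not permitted.' ), 403 );
    }

    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $api = plugins_api( 'plugin_information', array( 'slug' => $slug, 'fields' => array( 'sections' => false ) ) );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( array( 'message' => $api->get_error_message() ), 502 );
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) || ! $result ) {
        wp_send_json_error( array( 'message' => 'Installation failed.' ), 500 );
    }

    $activated = activate_plugin( $upgrader->plugin_info() );
    if ( is_wp_error( $activated ) ) {
        wp_send_json_error( array( 'message' => $activated->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'slug' => $slug ) );
}
```

Each wp_send_json_error call terminates the request, so no code after a failed check runs; the order matters because the capability check must precede any use of the request data.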

Added: Feb 16, 2026, 8:22 PM
Updated: Feb 16, 2026, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          7.5
exploitability  6.3
remediation     0.0
relevance       3.1
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.