Enable jQuery Migrate Helper Missing Authorization Vulnerability Allowing jQuery Downgrade

Vulnerability

A vulnerability exists in the Enable jQuery Migrate Helper plugin for WordPress, specifically in versions through 1.4.1. The issue arises from a lack of proper capability checks in the 'downgrade_jquery_version()' function, which only verifies a nonce. This flaw enables authenticated attackers with Subscriber-level access or higher to downgrade the global jQuery version from 3.7.1 to the outdated 1.12.4-wp version, known to contain security vulnerabilities.

Impact

Exploitation of this vulnerability allows a low-privileged authenticated user to downgrade the site's global jQuery to a version with known security issues, exposing the site and its visitors to those issues.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the 'wp-admin/admin-ajax.php' endpoint. The request must include the 'action' parameter set to 'jquery-migrate-downgrade-version' and a valid nonce. This will trigger the downgrade of the jQuery version to 1.12.4-wp.
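The fix this advisory implies is the standard WordPress pattern of pairing the nonce check with a capability check. The handler below is an added illustration, not the plugin's own code; the hook name is taken from the advisory's action parameter, while the nonce action string and option name are assumptions.

```php
<?php
// Added illustrative example, not the plugin's code. The advisory states the
// vulnerable handler only verified a nonce. A nonce proves the request was
// issued from a page WordPress generated for the current user; it says nothing
// about whether that user is allowed to change a site-wide setting, so any
// logged-in Subscriber who could load the page could also pass that check.
// Hook name derived from the advisory's 'action' value; nonce action string
// and option name are assumptions.

add_action( 'wp_ajax_jquery-migrate-downgrade-version', 'example_downgrade_jquery_version' );

function example_downgrade_jquery_version() {
    // 1. CSRF protection: require a valid nonce for this specific action.
    //    Sends a -1 response and terminates when the nonce is missing or invalid.
    check_ajax_referer( 'example_jquery_downgrade_nonce' );

    // 2. Authorization: the check the advisory reports as missing. Changing the
    //    jQuery version loaded on every page is an administrative action, so
    //    gate it on the capability administrators hold rather than on login alone.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Only after both checks pass perform the privileged change.
    update_option( 'example_jquery_version', '1.12.4-wp' );
    wp_send_json_success( array( 'version' => '1.12.4-wp' ) );
}
```

When auditing other AJAX handlers for the same class of bug, look for `check_ajax_referer()` or `wp_verify_nonce()` with no accompanying `current_user_can()` before a state-changing call.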

Added: May 27, 2026, 8:42 AM
Updated: May 27, 2026, 8:42 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 9.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.