WP-Chatbot for Messenger Missing Authorization Vulnerability Allowing Unauthenticated Configuration Takeover
Vulnerability
A vulnerability exists in the WP-Chatbot for Messenger WordPress plugin, in all versions through 4.9, allowing for authorization bypass. The plugin fails to properly verify user authorization for certain actions. This flaw enables unauthenticated attackers to overwrite the site's MobileMonkey API token and company ID options. Such changes can hijack the chatbot's configuration, redirecting visitor conversations to an attacker-controlled MobileMonkey account.
Impact
Exploitation of this vulnerability allows for unauthorized modification of chatbot settings, potentially leading to interception of conversations with website visitors.
Reproduction
To reproduce this vulnerability, an unauthenticated user can send a request to the WordPress site with the 'auth_token' and 'company_id' parameters. This can be done using a tool like Postman or through a custom script that targets the WordPress site's API. Once the request is sent, the WordPress site will update the MobileMonkey API token and company ID options with the values provided in the request, without any authorization check.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.