Ziggeo WordPress Plugin Missing Authorization Vulnerability Allowing Arbitrary Modifications
Vulnerability
A vulnerability exists in the Ziggeo plugin for WordPress, affecting all versions up to and including 3.1.1. The issue stems from the 'wp_ajax_ziggeo_ajax' handler, which only checks for a nonce but fails to verify user capabilities. This oversight allows authenticated users with Subscriber-level access and above to perform various administrative tasks, such as saving arbitrary translation strings, managing event templates, modifying SDK application settings, and handling notifications.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in plugin settings and content management, potentially allowing for further exploitation or disruption of the website's functionality.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends a request to the 'wp_ajax_ziggeo_ajax' action. The request must carry a valid 'ziggeo_ajax_nonce' value so that the nonce check, the only check the handler performs, is satisfied. Once the request is processed, the user can invoke any of the administrative operations the handler exposes, such as updating plugin settings or managing event templates.
Remediation
Users are advised to update the Ziggeo WordPress plugin to version 3.1.2 or later.
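The flaw class described in the Vulnerability section, and the kind of fix the Remediation section implies, as an added illustration that is not the plugin's actual code: a WordPress AJAX handler that verifies only a nonce, beside one that also checks the caller's capability per operation. The function, option and operation names (example_ziggeo_*, save_setting, list_templates) and the nonce action string are assumptions; the hook and field names are the ones the advisory cites.

```php
<?php
// Constructed example (not Ziggeo's code). Hooking wp_ajax_{action} means WordPress
// already requires a logged-in user, which is exactly why Subscribers are in scope.

// BEFORE: nonce only. A nonce proves the request came from a logged-in session and
// was not forged cross-site; it says nothing about what that user may do, so any
// Subscriber who can obtain the nonce passes this check and reaches update_option().
function example_ziggeo_ajax_vulnerable() {
    // Nonce action string 'ziggeo_ajax' is an assumption; the field name is from the advisory.
    check_ajax_referer( 'ziggeo_ajax', 'ziggeo_ajax_nonce' );
    $operation = isset( $_POST['operation'] ) ? sanitize_key( $_POST['operation'] ) : '';
    if ( 'save_setting' === $operation ) {
        $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
        update_option( 'example_ziggeo_setting', $value );
    }
    wp_send_json_success();
}

// AFTER: nonce plus an explicit capability check keyed on the requested operation.
// manage_options is held by Administrators and not by Subscribers; map each
// operation to the narrowest capability that fits instead of one blanket check.
function example_ziggeo_ajax_fixed() {
    check_ajax_referer( 'ziggeo_ajax', 'ziggeo_ajax_nonce' );
    $operation = isset( $_POST['operation'] ) ? sanitize_key( $_POST['operation'] ) : '';

    $required_caps = array(
        'save_setting'   => 'manage_options', // plugin/SDK settings
        'save_template'  => 'manage_options', // event templates, translations
        'list_templates' => 'edit_posts',     // read-only listing for editors
    );
    if ( ! isset( $required_caps[ $operation ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown operation' ), 400 );
    }
    if ( ! current_user_can( $required_caps[ $operation ] ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    if ( 'save_setting' === $operation ) {
        $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
        update_option( 'example_ziggeo_setting', $value );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_example_ziggeo_ajax', 'example_ziggeo_ajax_fixed' );
```

Both wp_send_json_error() calls terminate the request, so no state-changing branch is reachable without the matching capability; a review checklist for any wp_ajax_ handler is simply "nonce check present, capability check present, and the capability matches the operation".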