Speedup Optimization WordPress Plugin Missing Authorization Vulnerability
Vulnerability
A vulnerability exists in the Speedup Optimization plugin for WordPress, affecting all versions up to and including 1.5.9. The issue stems from the 'speedup01_ajax_enabled()' function, which manages the 'wp_ajax_speedup01_enabled' AJAX action. This function fails to implement necessary capability checks using 'current_user_can()' and does not verify nonces, leaving it open to exploitation. In contrast, other AJAX handlers within the same plugin, such as 'speedup01_ajax_install_iox' and 'speedup01_ajax_delete_cache_file', correctly validate permissions. As a result, authenticated attackers with Subscriber-level access or higher can manipulate the site's optimization settings by sending POST requests through the admin-ajax interface.
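A hardened form of the handler described above, as an added example that is not the plugin's own code. The nonce action, option name, required capability ('manage_options') and the accepted 'status' values are assumptions made for illustration.

```php
<?php
// Added example: not the plugin's own code. The option name, nonce action,
// required capability and accepted 'status' values are assumptions.

const SPEEDUP01_NONCE_ACTION = 'speedup01_enabled_nonce'; // hypothetical
const SPEEDUP01_OPTION       = 'speedup01_enabled';       // hypothetical

// Registered only on wp_ajax_ (logged-in users); no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_speedup01_enabled', 'speedup01_ajax_enabled_hardened' );

function speedup01_ajax_enabled_hardened() {
    // 1. CSRF: reject requests without a valid nonce in the 'nonce' field.
    //    Passing false as the third argument lets us return a JSON error
    //    instead of the default bare die().
    if ( ! check_ajax_referer( SPEEDUP01_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Authorization: the wp_ajax_ hook only proves the caller is logged
    //    in, so a Subscriber reaches this point. Require an admin capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: accept only the two expected values of 'status'.
    $status = isset( $_POST['status'] )
        ? sanitize_text_field( wp_unslash( $_POST['status'] ) )
        : '';
    if ( ! in_array( $status, array( '0', '1' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid status.' ), 400 );
    }

    // wp_send_json_* terminates the request, so this runs only when all
    // three checks above have passed.
    update_option( SPEEDUP01_OPTION, (int) $status );
    wp_send_json_success( array( 'enabled' => (int) $status ) );
}
```

The settings page that issues the request would embed a matching value from 'wp_create_nonce()' using the same nonce action, so only forms rendered for an authorized user carry a valid token.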
Impact
Exploitation of this vulnerability allows authenticated users with Subscriber-level access and above to arbitrarily enable or disable the site's optimization module.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a POST request for the 'wp_ajax_speedup01_enabled' action to admin-ajax.php. The request should include the 'status' parameter, indicating whether to enable or disable the optimization module. This can be done using a tool like Postman or through custom JavaScript in the browser's console.
