Vertex Addons for Elementor Missing Authorization Vulnerability Allowing Arbitrary Plugin Installation and Activation

Vulnerability

A vulnerability exists in the Vertex Addons for Elementor WordPress plugin, in all versions up to and including 1.6.4. The issue stems from an inadequate authorization check in the 'activate_required_plugins()' function: when the 'current_user_can('install_plugins')' check fails, the function does not halt execution. Instead, it merely records an error message and lets the plugin installation and activation code run to completion. As a result, authenticated users with Subscriber-level access or higher can exploit this vulnerability to install and activate any plugin on the WordPress site.
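The following PHP illustrates the flaw pattern described above alongside its corrected form. It is an added example written for this advisory, not the plugin's actual source: the function names prefixed with 'hypothetical_', the 'plugins' POST parameter, the 'afeb_nonce' nonce name and the allow-list contents are assumptions. The AJAX hook name follows WordPress's standard wp_ajax_{action} convention for the 'afeb_activate_required_plugins' action named on this page.

```php
<?php
// Added illustration of the authorization pattern; NOT the plugin's real code.
// All function names, the 'plugins' parameter and 'afeb_nonce' are assumptions.

// --- Vulnerable shape: the capability check only records a message ---
function hypothetical_vulnerable_activate_required_plugins() {
    $errors = array();
    if ( ! current_user_can( 'install_plugins' ) ) {
        // Defect: nothing stops execution here, so the loop below still runs.
        $errors[] = 'You do not have permission to install plugins.';
    }
    $plugins = isset( $_POST['plugins'] ) ? (array) $_POST['plugins'] : array();
    foreach ( $plugins as $plugin_file ) {
        // Reached by any logged-in user, regardless of role.
        activate_plugin( sanitize_text_field( $plugin_file ) );
    }
    wp_send_json( array( 'errors' => $errors ) );
}

// --- Hardened shape: fail closed before any state change ---
function hypothetical_hardened_activate_required_plugins() {
    // CSRF protection; the nonce action name 'afeb_nonce' is an assumption.
    check_ajax_referer( 'afeb_nonce', 'nonce' );

    // Authorization gate: wp_send_json_error() calls wp_die(), so nothing
    // below executes for a caller without the required capabilities.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    $plugins = isset( $_POST['plugins'] )
        ? array_map( 'sanitize_text_field', (array) wp_unslash( $_POST['plugins'] ) )
        : array();

    // Activate only a fixed list of known dependencies, never caller-supplied paths.
    $allowed   = array( 'elementor/elementor.php' ); // assumed dependency list
    $activated = array();
    foreach ( $plugins as $plugin_file ) {
        if ( ! in_array( $plugin_file, $allowed, true ) ) {
            continue;
        }
        $result = activate_plugin( $plugin_file ); // returns WP_Error on failure, null on success
        if ( is_wp_error( $result ) ) {
            wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
        }
        $activated[] = $plugin_file;
    }
    wp_send_json_success( array( 'activated' => $activated ) );
}
add_action( 'wp_ajax_afeb_activate_required_plugins', 'hypothetical_hardened_activate_required_plugins' );
```

The essential difference is that the hardened handler terminates the request inside the capability check. When reviewing similar handlers, look for a 'current_user_can()' call whose failure branch only assigns a variable: unless that branch returns, dies, or throws, the privileged code after it is reachable by every authenticated user.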

Impact

Exploitation of this vulnerability allows for unauthorized installation and activation of WordPress plugins, which could lead to further security issues, depending on the nature of the installed plugins.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the 'afeb_activate_required_plugins' AJAX action. The request can include data specifying the plugins to be installed and activated. Since the authorization check does not function correctly, the specified plugins will be installed and activated, regardless of the user's actual capabilities.

Remediation

Users are advised to update the Vertex Addons for Elementor plugin to version 1.7.0 or later, where this vulnerability has been patched.
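For sites that cannot update immediately, the following must-use plugin is an added example of a temporary compensating control and audit hook; it is not vendor code. It assumes the plugin registers its handler on the standard 'wp_ajax_afeb_activate_required_plugins' hook at WordPress's default priority of 10, which is why the blocking callback runs at priority 0.

```php
<?php
/**
 * Plugin Name: Temporary gate for afeb_activate_required_plugins (added example)
 * Description: Place in wp-content/mu-plugins/ until Vertex Addons for Elementor
 *              is updated to 1.7.0 or later. Not code from the plugin vendor.
 */

// Priority 0 runs before the plugin's own handler (assumed at default priority 10).
// wp_send_json_error() exits the request, so the vulnerable handler never runs
// for callers who lack the install_plugins capability.
add_action( 'wp_ajax_afeb_activate_required_plugins', function () {
    if ( current_user_can( 'install_plugins' ) ) {
        return; // legitimate administrator: let the plugin's handler proceed
    }
    $user = wp_get_current_user();
    $ip   = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        '[hardening] blocked afeb_activate_required_plugins for user %d (%s) from %s',
        $user->ID, $user->user_login, $ip
    ) );
    wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
}, 0 );

// Audit trail: log every plugin activation with the acting user. An activation
// by an account that lacks activate_plugins is the signature of abuse of this
// class of bug and is flagged explicitly.
add_action( 'activated_plugin', function ( $plugin, $network_wide ) {
    $user = wp_get_current_user();
    $flag = current_user_can( 'activate_plugins' ) ? '' : ' [UNEXPECTED: caller lacks activate_plugins]';
    error_log( sprintf(
        '[audit] plugin %s activated (network_wide=%d) by user %d (%s)%s',
        $plugin, (int) $network_wide, $user->ID, $user->user_login, $flag
    ) );
}, 10, 2 );
```

The first hook is a stopgap, not a substitute for the 1.7.0 update: it covers only the one AJAX action named on this page. The 'activated_plugin' audit hook is worth keeping afterwards, since it produces a log line for any future plugin activation by an unprivileged account, whichever code path caused it.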

Added: Apr 9, 2026, 2:29 AM
Updated: Apr 9, 2026, 2:29 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 5.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.