Debugger and Troubleshooter WordPress Plugin Unauthenticated Privilege Escalation Vulnerability

Vulnerability

A vulnerability allowing unauthenticated privilege escalation to administrator level has been identified in the Debugger & Troubleshooter plugin for WordPress, affecting versions through 1.3.2. The issue arises because the plugin accepts the wp_debug_troubleshoot_simulate_user cookie value as a user ID without proper cryptographic validation or authorization checks. This cookie manipulation allows unauthenticated attackers to impersonate any user, including administrators, and perform privileged actions such as creating new admin accounts, modifying site content, and installing plugins.

Impact

Exploitation of this vulnerability allows unauthenticated users to gain administrator-level access on the WordPress site, enabling them to perform any actions reserved for administrators, including creating new admin accounts and taking full control of the site.

Reproduction

To reproduce this vulnerability, set the wp_debug_troubleshoot_simulate_user cookie to a target user ID. This can be done using a web browser's developer tools or through a script that modifies cookie values. Once the cookie is set, the user ID will be simulated for the current session, allowing access to administrator privileges if an admin ID is used.

Remediation

Users are advised to update the Debugger & Troubleshooter plugin to version 1.4.0 or later, where this vulnerability has been patched.
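For triage alongside the update, one way to look for requests that presented the simulation cookie. This is an added example, not code from the plugin or from this advisory. It assumes JSON access logs whose "cookie" field holds the raw Cookie header, which most servers do not log by default. The log lines, field names and addresses are constructed.

```python
import json

SIM_COOKIE = "wp_debug_troubleshoot_simulate_user"  # cookie name from the advisory
LOGIN_PREFIX = "wordpress_logged_in_"  # prefix of WordPress core's login cookie

# Constructed sample input; the "cookie" field is an assumed log extension.
SAMPLE_LOG = """\
{"ts":"2026-03-30T10:00:01Z","ip":"198.51.100.7","path":"/wp-admin/users.php","cookie":"wp_debug_troubleshoot_simulate_user=1"}
{"ts":"2026-03-30T10:00:05Z","ip":"203.0.113.9","path":"/","cookie":"wordpress_logged_in_abc123=admin%7C1775000000%7Ctok; wp_debug_troubleshoot_simulate_user=4"}
{"ts":"2026-03-30T10:00:09Z","ip":"192.0.2.44","path":"/blog/","cookie":"theme=dark"}
{"ts":"2026-03-30T10:00:12Z","ip":"198.51.100.7","path":"/wp-admin/user-new.php","cookie":"a=b; wp_debug_troubleshoot_simulate_user=1"}
not-json garbage line
"""

def parse_cookies(header):
    """Split a raw Cookie header into {name: value}, tolerating stray spaces."""
    jar = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            jar[name] = value
    return jar

def find_simulation_requests(log_text):
    """Return one finding per request that carried the simulation cookie."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict):
            continue
        jar = parse_cookies(rec.get("cookie") or "")
        if SIM_COOKIE not in jar:
            continue
        # A login cookie in the log is not proof of a valid session, so those
        # hits are marked for review; hits with no login cookie rank highest.
        has_login = any(n.startswith(LOGIN_PREFIX) for n in jar)
        findings.append({"line": lineno, "ip": rec.get("ip"),
                         "path": rec.get("path"),
                         "simulated_id": jar[SIM_COOKIE],
                         "severity": "review" if has_login else "high"})
    return findings

if __name__ == "__main__":
    for finding in find_simulation_requests(SAMPLE_LOG):
        print(finding)
```

On sites that never used the plugin's simulation feature, any hit is worth following up by reviewing the administrator account list for that time window.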

Added: Mar 30, 2026, 11:20 PM
Updated: Mar 30, 2026, 11:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.4
remediation: 0.0
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.