WP Books Gallery Missing Authorization Vulnerability in WordPress Permalink Settings Update

Vulnerability

A missing authorization vulnerability exists in the WP Books Gallery plugin for WordPress in all versions up to and including 4.8.0. The plugin updates the custom post type slug used for the books gallery (the 'wbg_cpt_slug' option) from a callback attached to the admin_init hook, and that callback performs neither a capability check nor nonce verification. Because admin_init fires on every admin-side request, including ones that carry no authenticated session, unauthenticated attackers can set the slug to a value of their choosing and thereby alter the URL structure of every book entry, breaking existing links and degrading SEO.
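The following is an added illustration of the hook pattern described above and of how it is normally hardened; it is not the plugin's own code. Only the 'wbg_cpt_slug' option and the 'permalink_structure' request parameter come from this advisory; the function names, the 'wbg_cpt_slug' POST field that carries the new slug, and the exact checks are assumptions made for the example.

```php
<?php
// Added example, not code from the WP Books Gallery plugin. Function names,
// the wbg_cpt_slug POST field and the checks shown are assumptions.

// Vulnerable pattern: the update runs on every admin_init with no check on
// who sent the request. admin_init also runs for admin-ajax.php requests,
// which WordPress serves to logged-out visitors, so this is reachable
// without an authenticated session.
function wbg_example_vulnerable_permalink_update() {
    if ( isset( $_POST['permalink_structure'] ) && isset( $_POST['wbg_cpt_slug'] ) ) {
        $slug = sanitize_title( wp_unslash( $_POST['wbg_cpt_slug'] ) );
        update_option( 'wbg_cpt_slug', $slug );
        flush_rewrite_rules();
    }
}
// add_action( 'admin_init', 'wbg_example_vulnerable_permalink_update' );

// Hardened pattern: bail out unless the request comes from a user allowed
// to manage options AND carries a valid nonce. check_admin_referer() dies
// on a bad or missing nonce; 'update-permalink' is the nonce action that
// WordPress core's own Permalink Settings screen posts along with
// permalink_structure, so hooking that form keeps working.
function wbg_example_hardened_permalink_update() {
    if ( ! isset( $_POST['permalink_structure'] ) || ! isset( $_POST['wbg_cpt_slug'] ) ) {
        return; // not a permalink settings submission
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        return; // anonymous or low-privilege user: do not touch the option
    }
    check_admin_referer( 'update-permalink' ); // CSRF protection

    $slug = sanitize_title( wp_unslash( $_POST['wbg_cpt_slug'] ) );
    if ( '' === $slug ) {
        return; // refuse to install an empty slug, which would break all book URLs
    }
    update_option( 'wbg_cpt_slug', $slug );
    flush_rewrite_rules();
}
add_action( 'admin_init', 'wbg_example_hardened_permalink_update' );
```

The order of the two checks matters: the capability test comes first so that unauthenticated requests are dropped silently, and the nonce test then protects logged-in administrators from being tricked into submitting the change from another site (CSRF). Sanitizing with sanitize_title() and rejecting an empty result limits what even an authorized user can write into the rewrite rules.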

Impact

Exploitation lets an unauthenticated attacker overwrite the custom post type slug used by the books gallery. Every book entry's URL changes to the attacker-chosen slug, so previously published links and indexed URLs stop resolving, which breaks inbound links and harms SEO rankings. The attacker can repeat the change at will, so the disruption persists until the plugin is patched.

Reproduction

To reproduce this vulnerability, send a POST request, without any authenticated session, to an endpoint that fires the admin_init hook, including the 'permalink_structure' parameter that triggers the plugin's update of the 'wbg_cpt_slug' option. Note that wp-admin pages redirect logged-out visitors to the login form before admin_init runs, whereas admin-ajax.php runs admin_init for logged-out visitors as well, so that is the path an unauthenticated request takes. Because the callback performs no capability check and no nonce verification, the option is written with the attacker-supplied value. Confirm success by checking that the URLs of existing book entries have changed.

Remediation

Users are advised to update the WP Books Gallery plugin to version 4.8.1 or a later patched release. After updating, verify that the book entry URLs still use the intended slug and restore it from Settings > Permalinks if it was altered.

Added: Apr 24, 2026, 6:22 AM
Updated: Apr 24, 2026, 6:22 AM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 0.6
exploitability: 9.3
remediation: 7.7
relevance: 6.5
threat: 4.8
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.