Helpfulcrowd Product Reviews WordPress Plugin Authorization Bypass Vulnerability via PHP Type Juggling

Vulnerability

A vulnerability exists in the Helpfulcrowd Product Reviews plugin for WordPress, specifically in versions up to and including 1.2.9. The issue arises from an authorization bypass flaw that leverages PHP type juggling. The vulnerability is rooted in the 'helpfulcrowd_validate_token()' function, which improperly uses a loose comparison operator to validate the 'token' parameter. This flaw allows unauthenticated users to bypass token validation and manipulate plugin settings arbitrarily.

Impact

Exploitation of this vulnerability allows unauthenticated users to modify plugin settings without any validation or sanitization, potentially leading to misconfigurations or other security issues.

Reproduction

To reproduce this vulnerability, send a request to the '/wp-json/helpfulcrowd/v1/update-settings' endpoint with a JSON boolean 'true' as the 'token' parameter. Because the check uses a loose comparison, PHP coerces the operands and evaluates the boolean 'true' as equal to any non-empty string, so the authorization check passes and the 'helpfulcrowd_settings_endpoint()' function is invoked. This function can then be used to write arbitrary key-value pairs to the 'helpfulcrowd_options' database option.
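The following PHP snippet is an added illustration, not the plugin's own code: it places a loose token check of the kind described above next to a hardened version. The function bodies are hypothetical reconstructions (only the name 'helpfulcrowd_validate_token' comes from the advisory), and the expected token value is a constructed sample.

```php
<?php
// Added illustration, not the plugin's code. Function bodies are hypothetical
// reconstructions; $expected is a constructed sample secret.

// Weak check: the loose == operator lets PHP coerce operand types.
// A JSON body {"token": true} arrives here as the boolean true, and
// true == "<any non-empty string>" evaluates to true in PHP.
function helpfulcrowd_validate_token_loose($token, string $expected): bool {
    return $token == $expected;
}

// Hardened check: insist on a non-empty string, then compare in constant
// time with hash_equals(). The is_string() guard matters because
// hash_equals() rejects non-string arguments (TypeError on PHP 8).
function helpfulcrowd_validate_token_strict($token, string $expected): bool {
    if (!is_string($token) || $token === '') {
        return false;
    }
    return hash_equals($expected, $token);
}

$expected = 'constructed-sample-secret';   // stand-in for the stored token

// Simulate what json_decode() yields for a legitimate body and for a
// body carrying a JSON boolean, as the REST endpoint would see them.
$legit  = json_decode('{"token": "constructed-sample-secret"}', true)['token'];
$forged = json_decode('{"token": true}', true)['token'];

var_dump(helpfulcrowd_validate_token_loose($legit, $expected));   // genuine token accepted
var_dump(helpfulcrowd_validate_token_loose($forged, $expected));  // boolean also accepted: the bypass
var_dump(helpfulcrowd_validate_token_strict($legit, $expected));  // genuine token accepted
var_dump(helpfulcrowd_validate_token_strict($forged, $expected)); // boolean rejected
```

Running it with the PHP CLI shows the loose function accepting both inputs while the strict function accepts only the real token; the same pattern (type check plus hash_equals) applies to any shared-secret comparison in WordPress REST handlers.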

Added: Jun 9, 2026, 5:57 AM
Updated: Jun 9, 2026, 5:57 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.4
remediation: 0.0
relevance: 9.4
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.