Social Signals
WordPress Calendar Plugin Vulnerability Affects Up To 100k Sites
Mar
Wordfence printed an advisory on a vulnerability within the LatePoint – Calendar Reserving WordPress Plugin that makes it potential for authenticated attackers with Agent-level entry and above to realize larger stage privileges. The vulnerability acquired a CVSS vulnerability menace rating of 8.8/10. The difficulty impacts all variations as much as and together with 5.2.7.
LatePoint WordPress Calendar Plugin
The LatePoint WordPress plugin is utilized by service-based companies to allow clients to ebook appointments on-line, handle calendars, settle for funds, and ship confirmations.
Authenticated (Agent+) Privilege Escalation
The vulnerability requires authentication. Attackers will need to have an account with the LatePoint Agent function or larger. Agent shouldn’t be an administrator function. It’s sometimes assigned to employees who handle bookings and buyer information. On affected websites, that stage of entry is sufficient to exploit the flaw.
The vulnerability is as a result of plugin permitting customers with a LatePoint Agent function, when creating new clients, to set the wordpress_user_id subject. The wordpress_user_id subject hyperlinks a LatePoint buyer report to a WordPress consumer account.
The plugin doesn’t prohibit which WordPress consumer ID may be assigned. Due to this, an Agent can create a buyer and hyperlink it to any current WordPress consumer account, together with an administrator account. After linking the account, the Agent can reset the password.
Based on Wordfence:
“The LatePoint – Calendar Reserving Plugin for Appointments and Occasions plugin for WordPress is susceptible to privilege escalation by way of password reset in all variations as much as, and together with, 5.2.7. That is as a result of plugin permitting customers with a LatePoint Agent function, who’re creating new clients to set the ‘wordpress_user_id’ subject. This makes it potential for authenticated attackers, with Agent-level entry and above, to realize elevated privileges by linking a buyer to the arbitrary consumer ID, together with directors, after which resetting the password.”
What Attackers Can Do
This makes it potential for authenticated attackers, with Agent-level entry and above, to realize elevated privileges by linking a buyer to an arbitrary consumer ID after which resetting that consumer’s password.
Affected Variations And Patch
The vulnerability impacts all variations as much as and together with 5.2.7. The difficulty has been patched in model 5.2.8. Customers of the LatePoint plugin ought to replace to model 5.2.8 or a more recent model.
Featured Picture by Shutterstock/breakermaximus
#WordPress #Calendar #Plugin #Vulnerability #Impacts #100k #Websites
