CVE-2025-11154
BaseFortify

Publication date: 2025-10-27

Last updated on: 2025-12-05

Assigner: WPScan

Description
The IDonate WordPress plugin before 2.1.13 performs neither an authorisation check nor a CSRF (nonce) check when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.
Meta Information
Published: 2025-10-27
Last Modified: 2025-12-05
Generated: 2026-06-16
AI Q&A: 2025-10-27
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: themeatelier
Product: idonate
Version / Range: all versions before 2.1.13 (2.1.13 itself is not affected)
CWE
CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Executive Summary

This vulnerability exists in the IDonate WordPress plugin in versions before 2.1.13. The plugin exposes a user-deletion action handler that performs neither an authorization (capability) check nor a nonce-based CSRF check. The two omissions compound each other: the missing nonce makes the handler forgeable from a third-party page (CWE-352), and the missing capability check means no victim session is needed at all, so an unauthenticated attacker can simply send a crafted request to the plugin's endpoint and delete arbitrary users. [1]
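To make the fault class concrete, the following is an added, hypothetical WordPress AJAX handler written for this page; it is not IDonate's code and the hook name `example_donor_action`, the function names and the parameter names are assumptions. The first handler reproduces the two omissions described above (reachable via the `wp_ajax_nopriv_` hook, no nonce, no capability check); the second shows the standard hardened form using WordPress core APIs.

```php
<?php
/**
 * Illustrative patterns only (hypothetical plugin code, not IDonate's).
 * Shows a user-deleting AJAX action with missing authorization and
 * missing CSRF protection beside the hardened equivalent.
 */

// --- Vulnerable pattern -----------------------------------------------------
// Registering the nopriv hook makes the action reachable without a session;
// the handler then deletes whatever user ID the request names.
add_action( 'wp_ajax_nopriv_example_donor_action', 'example_donor_action_vulnerable' );
add_action( 'wp_ajax_example_donor_action',        'example_donor_action_vulnerable' );

function example_donor_action_vulnerable() {
    if ( isset( $_POST['target'] ) && 'delete' === $_POST['target'] ) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
        wp_delete_user( (int) $_POST['userid'] ); // no nonce, no capability check
    }
    wp_send_json_success();
}

// --- Hardened pattern -------------------------------------------------------
// 1. Only the logged-in hook is registered; there is no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_example_donor_action', 'example_donor_action_hardened' );

function example_donor_action_hardened() {
    // 2. CSRF: the legitimate admin UI must send a nonce created with
    //    wp_create_nonce( 'example_donor_action' ); check_ajax_referer() dies on mismatch.
    check_ajax_referer( 'example_donor_action', 'nonce' );

    // 3. Authorization: require the capability the operation actually needs.
    if ( ! current_user_can( 'delete_users' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $target  = isset( $_POST['target'] ) ? sanitize_key( wp_unslash( $_POST['target'] ) ) : '';
    $user_id = isset( $_POST['userid'] ) ? absint( $_POST['userid'] ) : 0;

    if ( 'delete' !== $target || 0 === $user_id ) {
        wp_send_json_error( array( 'message' => 'bad request' ), 400 );
    }

    // 4. Defence in depth: never let this action remove the caller or an administrator.
    if ( $user_id === get_current_user_id() || user_can( $user_id, 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'refused' ), 403 );
    }

    require_once ABSPATH . 'wp-admin/includes/user.php';
    if ( ! wp_delete_user( $user_id ) ) {
        wp_send_json_error( array( 'message' => 'delete failed' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => $user_id ) );
}
```

Both `check_ajax_referer()` and `wp_send_json_error()` terminate the request, so execution never reaches `wp_delete_user()` on a forged or unauthorized call. The nonce alone would not be enough: a nonce is tied to the logged-in user, so a handler that checks the nonce but not `current_user_can()` still lets any subscriber-level account delete users.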

Impact Analysis

This vulnerability has a significant impact because it lets an attacker delete arbitrary users from the WordPress site without authenticating. Deleting an administrator account can lock the site owner out, and deleting donor or customer accounts destroys their records and any content or relationships attached to them. The result is loss of user accounts, disruption of service, potential loss of data, and unauthorized manipulation of the user base, affecting the site's integrity and availability. [1]

Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the WordPress site's admin-ajax.php endpoint targeting the vulnerable action handler. A sample command to test this is:

curl -X POST http://example.com/wp-admin/admin-ajax.php -H "Content-Type: application/x-www-form-urlencoded" -d "action=panding_donor_action&target=delete&userid=<<INSERT_USER_ID>>"

Replace <<INSERT_USER_ID>> with a valid user ID to check whether the user can be deleted without authorization. [1] Note that this check is destructive: on a vulnerable site the request really removes the account, so run it only against an installation you are authorized to test, preferably a staging copy, and use a throwaway user created for the purpose. On a patched site the request should be refused and the account should still exist afterwards. Because the request is a POST, the action and target parameters do not appear in ordinary web server access logs, so detecting past exploitation from logs alone requires request-body logging or a WAF that records POST parameters.

Mitigation Strategies

The immediate mitigation is to update the IDonate WordPress plugin to version 2.1.13 or later, where this vulnerability has been fixed. Until the update can be applied, restrict unauthenticated requests that trigger the vulnerable action handler, for example with a WAF rule or a must-use plugin that refuses the delete branch of this action for callers without the delete_users capability. [1] Blocking wp-admin/admin-ajax.php outright is rarely an option: WordPress front-end features (and many other plugins) legitimately use it for unauthenticated requests through the wp_ajax_nopriv_ hooks, so a blanket block breaks the site, and the restriction should be scoped to the specific action instead.
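As an added example of the interim, action-scoped guard described above (written for this page; not code from IDonate, WPScan or WordPress core), the following must-use plugin intercepts the request before the plugin's own handler runs. It assumes the action and parameter names shown in the detection guidance above (`panding_donor_action`, `target`, `userid`); confirm them against the installed plugin before deploying, and remove the file once the plugin is updated.

```php
<?php
/**
 * Plugin Name: Interim guard for unauthenticated user deletion via admin-ajax.php
 *
 * Hypothetical stopgap for this page (not IDonate's or WordPress core's code).
 * Install by copying into wp-content/mu-plugins/; must-use plugins load
 * automatically and cannot be disabled from the dashboard.
 *
 * Runs on admin_init, which admin-ajax.php fires before dispatching any
 * wp_ajax_* or wp_ajax_nopriv_* hook, so the check happens before the plugin's
 * handler. Only the delete branch of the named action is gated; everything else
 * passes through unchanged, so legitimate front-end AJAX keeps working.
 */

add_action( 'admin_init', 'interim_guard_block_unauthorized_user_delete', 1 );

function interim_guard_block_unauthorized_user_delete() {
    if ( ! wp_doing_ajax() ) {
        return;
    }

    // Action and parameter names are assumptions taken from the detection guidance.
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( 'panding_donor_action' !== $action ) {
        return;
    }

    $target = isset( $_REQUEST['target'] ) ? sanitize_key( wp_unslash( $_REQUEST['target'] ) ) : '';
    if ( 'delete' !== $target ) {
        return; // non-destructive sub-actions are left alone
    }

    // Same capability WordPress itself requires for deleting users.
    if ( current_user_can( 'delete_users' ) ) {
        return;
    }

    // Record the attempt for incident response, then stop the request.
    error_log( sprintf(
        'interim-guard: blocked unauthorized user delete via admin-ajax.php (userid=%d, ip=%s)',
        isset( $_REQUEST['userid'] ) ? absint( $_REQUEST['userid'] ) : 0,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );
    wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
}
```

The guard deliberately checks only the capability, not a nonce: the unpatched plugin's legitimate UI does not send one, so a nonce check here would break the feature for administrators as well. Once the site runs 2.1.13 or later the plugin's own fix applies and this file should be deleted.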
