CVE-2025-11154
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-12-05
Assigner: WPScan
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themeatelier | idonate | up to 2.1.13 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the IDonate WordPress plugin versions before 2.1.13. It occurs because the plugin does not have proper authorization checks and lacks Cross-Site Request Forgery (CSRF) protection when deleting users via an action handler. As a result, unauthenticated attackers can send specially crafted requests to the plugin's endpoint to delete arbitrary users without permission. [1]
How can this vulnerability impact me?
This vulnerability can have a significant impact by allowing attackers to delete arbitrary users from the WordPress site without authentication. This could lead to loss of user accounts, disruption of service, potential loss of data, and unauthorized manipulation of the user base, which can affect the site's integrity and availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to send a crafted POST request to the WordPress site's admin-ajax.php endpoint targeting the vulnerable action handler. A sample command to test this is: `curl -X POST http://example.com/wp-admin/admin-ajax.php -H "Content-Type: application/x-www-form-urlencoded" -d "action=panding_donor_action&target=delete&userid=<<INSERT_USER_ID>>"`. Replace <<INSERT_USER_ID>> with a valid user ID to check whether the user can be deleted without authorization. Note that on a vulnerable site this test really deletes that user, so point it at a disposable test account rather than a real one. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the IDonate WordPress plugin to version 2.1.13 or later, where this vulnerability has been fixed. Until the update can be applied, restrict access to the wp-admin/admin-ajax.php endpoint or implement additional access controls to prevent unauthenticated requests from triggering the vulnerable action handler. [1]
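As an added illustration of the interim access control described above (example code written for this page, not code from the IDonate plugin or from BaseFortify), the following must-use plugin hooks `admin_init`, which admin-ajax.php fires before dispatching any `wp_ajax_*` or `wp_ajax_nopriv_*` callback, and rejects the `panding_donor_action` request unless the caller is logged in, holds the `delete_users` capability, and the request is same-site. The file name, the `[idonate-guard]` log format, and the use of `Sec-Fetch-Site`/`Origin`/`Referer` as a coarse stand-in for the nonce the plugin should have used are assumptions.

```php
<?php
/**
 * Plugin Name: Interim guard for the IDonate panding_donor_action AJAX handler
 * Description: Hypothetical mu-plugin (wp-content/mu-plugins/) to use until IDonate 2.1.13+ is installed.
 */

// Vulnerable action name as given in the advisory's detection answer.
const IDONATE_GUARDED_ACTION = 'panding_donor_action';

/**
 * Coarse CSRF check for the interim guard: reject requests the browser marks as
 * cross-site, and otherwise require Origin/Referer to match this site's host.
 * (Assumed substitute for a proper nonce; the real fix is in the plugin update.)
 */
function idonate_guard_is_same_site() {
    $fetch_site = isset( $_SERVER['HTTP_SEC_FETCH_SITE'] ) ? $_SERVER['HTTP_SEC_FETCH_SITE'] : '';
    if ( 'cross-site' === $fetch_site ) {
        return false;
    }
    $source = isset( $_SERVER['HTTP_ORIGIN'] ) ? $_SERVER['HTTP_ORIGIN']
            : ( isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '' );
    if ( '' === $source ) {
        return false; // No provenance at all (script-style requests): treat as untrusted.
    }
    return wp_parse_url( $source, PHP_URL_HOST ) === wp_parse_url( home_url(), PHP_URL_HOST );
}

add_action( 'admin_init', function () {
    // admin-ajax.php fires admin_init before it dispatches wp_ajax_* and
    // wp_ajax_nopriv_* callbacks, so this check runs ahead of the plugin's handler.
    if ( ! wp_doing_ajax() ) {
        return;
    }
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( IDONATE_GUARDED_ACTION !== $action ) {
        return;
    }
    // The checks the advisory says are missing: an authorized caller and a same-site request.
    $allowed = is_user_logged_in()
        && current_user_can( 'delete_users' )
        && idonate_guard_is_same_site();
    if ( $allowed ) {
        return;
    }
    // Log the blocked attempt so it surfaces in the PHP error log for detection.
    error_log( sprintf( '[idonate-guard] blocked %s from %s (user id %d)',
        IDONATE_GUARDED_ACTION,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown',
        get_current_user_id() ) );
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}, 0 );
```

Because the guard runs at priority 0 on `admin_init`, an unauthenticated or cross-site request never reaches the plugin's own handler; legitimate use from inside wp-admin by an administrator continues to work.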