Executive Summary

This vulnerability in the Folderly WordPress plugin allows authenticated users with Author-level access or higher to clear all data such as terms and categories via the /wp-json/folderly/v1/config/clear-all-data REST API endpoint. The issue is caused by an insufficient capability check that originally allowed users with the 'upload_files' capability to perform this action, which was too permissive. The fix involved changing the permission check to require 'manage_options', restricting this action to administrators only. [1]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability allows an attacker with Author-level access or above to clear critical data like terms and categories from the WordPress site, potentially disrupting site organization and content management. This could lead to data loss and operational issues on the affected website.

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking if the Folderly plugin version is 0.3 or below and by testing the /wp-json/folderly/v1/config/clear-all-data REST API endpoint for unauthorized access. Specifically, you can attempt to call this endpoint with an authenticated user having Author-level access and see if the data clearing action is permitted. For example, use curl commands to simulate REST API calls with different user credentials. However, no specific commands are provided in the resources. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediately update the Folderly plugin to a version that includes the security fix, which changes the REST API permission check from 'upload_files' capability to 'manage_options'. This restricts the sensitive REST API actions to administrators only, preventing unauthorized data clearing by lower-privileged users. [1]

Useful 0 Not Useful 0