Can you explain this vulnerability to me?

The WP Adminify plugin for WordPress has a vulnerability in versions up to 4.0.7.7 where an unauthenticated attacker can access the /wp-json/adminify/v1/get-addons-list REST API endpoint. This endpoint is improperly secured with a permission callback that always returns true, allowing anyone to retrieve sensitive information such as the complete list of available addons, their installation status, version numbers, and download URLs.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can expose sensitive information about the WordPress site's addons, including which addons are installed, their versions, and download URLs. This information could be used by attackers to identify potential weaknesses or outdated components to target for further attacks, increasing the risk of exploitation.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by sending an unauthenticated HTTP GET request to the /wp-json/adminify/v1/get-addons-list REST API endpoint on your WordPress site. For example, use the command: curl -X GET http://your-wordpress-site.com/wp-json/adminify/v1/get-addons-list and check if it returns a list of addons with their installation status, version numbers, and download URLs without requiring authentication.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the WP Adminify plugin to a version later than 4.0.7.7 where the vulnerability is fixed. If an update is not available, restrict access to the /wp-json/adminify/v1/get-addons-list endpoint by implementing authentication or firewall rules to block unauthenticated requests to this endpoint.

Useful 0 Not Useful 0