CVE-2026-4977
Improper Access Control in UsersWP Plugin Allows Usermeta Manipulation
Publication date: 2026-04-10
Last updated on: 2026-04-10
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| userswp | userswp | up to and including 1.2.58 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the UsersWP WordPress plugin, specifically in the upload_file_remove() AJAX handler. It occurs because the plugin does not properly validate the $htmlvar parameter against a whitelist of allowed fields or check if the field is marked for admin use only.
As a result, authenticated users with subscriber-level access or higher can bypass intended field-level access restrictions and clear or reset any restricted usermeta column for their own user record, including those fields meant only for administrators.
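As an added illustration (not UsersWP's code, and not a reconstruction of it), a hypothetical WordPress AJAX handler that clears one of the caller's own profile fields and enforces the two checks the description says were missing: the field name must be on a whitelist of known fields, and fields flagged as admin-only require an administrative capability. The field registry and all example_* names are assumed.

```php
<?php
// Added illustrative example, not UsersWP code. The field registry and the
// example_* names are assumed for this demonstration.

// Constructed field registry: which profile fields exist and whether each
// is restricted to administrators ("For admin use only").
function example_get_field_definitions() {
    return array(
        'avatar'     => array( 'admin_only' => false ),
        'banner'     => array( 'admin_only' => false ),
        'admin_note' => array( 'admin_only' => true ),
    );
}

// Authorization decision for clearing one field on the caller's own record.
function example_can_clear_field( $htmlvar ) {
    $fields = example_get_field_definitions();

    // 1. Whitelist: an unknown field name is rejected, so this endpoint can
    //    never reach arbitrary usermeta keys (CWE-862 if this is missing).
    if ( ! isset( $fields[ $htmlvar ] ) ) {
        return false;
    }
    // 2. Admin-only fields need an administrative capability even when the
    //    caller is clearing them on their own record.
    if ( $fields[ $htmlvar ]['admin_only'] && ! current_user_can( 'manage_options' ) ) {
        return false;
    }
    return true;
}

// AJAX handler: nonce, login, input sanitization, then the decision above.
function example_upload_file_remove() {
    check_ajax_referer( 'example_upload_remove', 'nonce' );
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    $htmlvar = isset( $_POST['htmlvar'] ) ? sanitize_key( wp_unslash( $_POST['htmlvar'] ) ) : '';
    $user_id = get_current_user_id();
    if ( ! example_can_clear_field( $htmlvar ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Only reached for a known, permitted field on the caller's own record.
    delete_user_meta( $user_id, $htmlvar );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_upload_file_remove', 'example_upload_file_remove' );
```

Keeping the decision in one function makes it easy to unit-test the whitelist and admin-only branches independently of the AJAX transport.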
How can this vulnerability impact me?
This vulnerability allows authenticated users with low-level access (subscriber-level and above) to modify restricted user metadata fields for their own accounts that should normally be protected.
The impact is limited to integrity issues where users can reset or clear sensitive fields that are intended only for admin use, potentially leading to unauthorized changes in user profile data.
The CVSS score of 4.3 indicates a low to medium severity impact, with no confidentiality or availability impact, but with some integrity impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated users with subscriber-level access and above to bypass intended field-level access restrictions and clear or reset restricted usermeta fields, including those marked "For admin use only".
This improper access control could potentially lead to unauthorized modification of user data, which may impact compliance with data protection standards and regulations such as GDPR and HIPAA that require strict access controls and protection of sensitive user information.