Vulnerability title
MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated Arbitrary Options Update
Vulnerability description
The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress has insufficient authorization checks in all versions up to and including 1.5.9. Specifically, the hubwoo_save_updates() function lacks a capability check, which allows authenticated attackers with Contributor-level access and above to modify arbitrary options on the WordPress site, leading to privilege escalation. An attacker can use this to set the default role for registration to administrator and enable user registration, thereby obtaining administrative access to the vulnerable site.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability category
Missing Authorization
Vulnerability title
MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update
Vulnerability description
The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates() function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
Missing Authorization
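The bug class described in both descriptions above (an option-saving handler reachable by low-privileged users without a capability check) is illustrated below. This is an added example, not code from the plugin; the hook, action, function and option names are hypothetical, and the hardened form shows the nonce check, capability check and option allow-list a reviewer would expect before any update_option() call.

```php
<?php
// Added illustration, not the plugin's code. Hook/action/function/option
// names are hypothetical. A save handler like this is reachable by any
// logged-in user through admin-ajax.php, so it must itself decide who
// may call it and which options it is willing to write.

// VULNERABLE PATTERN (shown for contrast, not registered on any hook):
// no nonce, no capability check, and the client chooses the option key,
// so any option, including default_role or users_can_register, can be set.
function example_save_updates_vulnerable() {
    $updates = isset( $_POST['updates'] ) ? (array) $_POST['updates'] : array();
    foreach ( $updates as $key => $value ) {
        update_option( $key, $value );
    }
    wp_send_json_success();
}

// HARDENED PATTERN: CSRF nonce, manage_options capability, and an explicit
// allow-list of option names with a sanitiser per option.
function example_save_updates_hardened() {
    // 1. The request must carry a nonce issued for this action.
    check_ajax_referer( 'example_save_updates', 'nonce' );

    // 2. Only users permitted to manage site options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient_permissions', 403 );
    }

    // 3. Never let the client pick the option name; map known keys to sanitisers.
    $allowed = array(
        'example_enable_sync' => 'boolval',
        'example_api_region'  => 'sanitize_text_field',
    );
    $updates = isset( $_POST['updates'] ) ? (array) $_POST['updates'] : array();
    foreach ( $updates as $key => $value ) {
        if ( ! isset( $allowed[ $key ] ) ) {
            continue; // unknown keys (e.g. default_role) are silently dropped
        }
        update_option( $key, call_user_func( $allowed[ $key ], wp_unslash( $value ) ) );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_updates', 'example_save_updates_hardened' );
```

A quick audit for this bug class is to list every update_option() call a plugin makes and confirm that each handler reaching one is guarded by current_user_can() and a nonce check; handlers registered on wp_ajax_* hooks are the usual place the guard is missing.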