If the site was unsecured and the victim's account held the required privileges, this would allow an attacker to delete other users' clients, which could lead to a data breach. This is the classic cross-site request forgery pattern: the attacker hosts a web page that submits the plugin's delete request with the id parameter set to a client belonging to another user. When a logged-in victim loads that page, the browser attaches the victim's session cookies, the site accepts the forged request, and the deletion is executed as though the targeted user had issued it themselves. Site administrators are advised to review the privileges assigned to each user account so that only accounts that genuinely need the "CREATE_CLIENT" and "DELETE_CLIENT" privileges can reach this functionality. Note that tightening privileges only shrinks the pool of accounts a forged request can ride on; it does not stop the forgery itself, which requires a per-request anti-CSRF token (a WordPress nonce) to be checked by the delete handler.
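The pattern above, shown as an added example rather than the affected plugin's own code: a delete handler that trusts any incoming id next to a hardened version that verifies a WordPress nonce (defeating the forged cross-site request), checks a capability standing in for the "DELETE_CLIENT" privilege, and scopes the delete to the caller's own rows. The plugin prefix `example_`, the table `example_clients`, the `owner_id` column, the `delete_client` capability and the `example-clients-admin` script handle are all hypothetical; the WordPress API functions are real.

```php
<?php
// Added example, not the vulnerable plugin's code. Names prefixed example_
// and the delete_client capability are hypothetical stand-ins.

// --- Vulnerable pattern: deletes whichever client id arrives, with no nonce
// and no ownership check. A request forged by an attacker-controlled page is
// carried by the victim's logged-in cookies and processed as the victim's own.
add_action( 'wp_ajax_example_delete_client_unsafe', function () {
    global $wpdb;
    $client_id = absint( $_POST['id'] ?? 0 );
    $wpdb->delete( $wpdb->prefix . 'example_clients', array( 'id' => $client_id ), array( '%d' ) );
    wp_send_json_success();
} );

// --- Hardened pattern.
add_action( 'wp_ajax_example_delete_client', 'example_delete_client' );

function example_delete_client() {
    global $wpdb;

    // 1. CSRF: the request must carry a nonce minted for this action and this
    //    user; a third-party page cannot read or forge it. check_ajax_referer()
    //    ends the request with HTTP 403 when the nonce is missing or invalid.
    check_ajax_referer( 'example_delete_client', 'nonce' );

    // 2. Authorization: only accounts granted the DELETE_CLIENT privilege
    //    (modelled here as a custom capability) may reach this code path.
    if ( ! current_user_can( 'delete_client' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Ownership: scope the delete to rows owned by the caller, so even a
    //    privileged user cannot remove another user's client by supplying its id.
    $client_id = absint( $_POST['id'] ?? 0 );
    if ( 0 === $client_id ) {
        wp_send_json_error( 'bad id', 400 );
    }
    $deleted = $wpdb->delete(
        $wpdb->prefix . 'example_clients',
        array( 'id' => $client_id, 'owner_id' => get_current_user_id() ),
        array( '%d', '%d' )
    );
    // $wpdb->delete() returns the affected-row count, or false on error.
    if ( ! $deleted ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( array( 'deleted' => $client_id ) );
}

// The nonce is issued only to the legitimate admin page (the script handle is
// assumed to be registered elsewhere) and sent back in the POST body as `nonce`.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-clients-admin', 'exampleClients', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_delete_client' ),
    ) );
} );
```

The three checks are independent and all three are needed: the nonce stops the forged request, the capability check limits who may delete at all, and the `owner_id` condition in the `WHERE` clause stops a legitimately privileged user from deleting a client that is not theirs. Dropping any one of them reintroduces a variant of the issue described above.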

CVE References: This issue was discovered by Tyler Trew, @trewy.

Summary

In this blog post, the author discusses a vulnerability that allowed an attacker to delete another user’s clients. This vulnerability was found in a WordPress plugin, which has since been patched by the developer. The blog post provides a summary of the vulnerability and how it was fixed.

Vulnerability Overview

A flaw in the access-control checks of the plugin's client-deletion functionality allows an attacker to delete other users' clients on an unsecured site, which could lead to a data breach.

Timeline

Published on: 11/03/2022 20:15:00 UTC
Last modified on: 11/04/2022 14:59:00 UTC

References