A recently discovered Missing Authorization vulnerability (CVE-2023-45636) within the WebToffee WordPress Backup & Migration plugin allows attackers to exploit incorrectly configured access control security levels. This blog post explains the vulnerability and how it can affect WebToffee WordPress Backup & Migration users running any version of the plugin up to 1.4.1.

Overview of the Vulnerability

The vulnerability exists due to insufficient access control configuration within the plugin code. An attacker can exploit this vulnerability to access sensitive data and gain unauthorized control over site backups and migration processes. The National Vulnerability Database rates this vulnerability at a CVSS (Common Vulnerability Scoring System) score of 7.5, meaning it is classified as a high-severity vulnerability that can have a significant security impact on affected environments.

Details on the Vulnerability

The WebToffee WordPress Backup & Migration plugin's code contains a missing authorization check in its functions responsible for handling user input and performing actions such as creating backups and exporting data. The incorrect access control validation allows unauthenticated users to access sensitive functions and execute arbitrary actions that should be restricted to authorized users only.

The following is a code snippet containing the vulnerable function:

// Sample vulnerable code from WebToffee WordPress Backup & Migration plugin
function wt_mgdp_secure_call()
{
    // Missing authentication check before calling a secure function
    wt_migrate_plugin::prepare_direct_migration();
}
add_action('wp_ajax_mg_dp_migration', 'wt_mgdp_secure_call');

The code snippet provided above shows the vulnerable function definition, where the essential authentication check is missing. This issue allows an attacker to send malicious requests to exploit the vulnerability and execute privileged actions without proper authorization.

Exploiting the Vulnerability

An attacker may exploit this vulnerability using a Cross-Site Request Forgery (CSRF) attack. By tricking a user with administrative privileges into clicking a malicious link or navigating to a specifically crafted webpage, an attacker can forge requests to the vulnerable endpoint. This forged request will then execute sensitive actions like exporting or migrating the website's data without the knowledge or consent of the authorized user.

How to Mitigate This Vulnerability

Considering the severity of this vulnerability, it is essential to secure your WebToffee WordPress Backup & Migration plugin installation as soon as possible. WebToffee has addressed this issue in WordPress Backup & Migration version 1.4.2, so upgrading your plugin to the latest version should mitigate the vulnerability. Additionally, ensure that only trusted users are granted administrative access to further reduce the risk of unauthorized exploitation.

If you are unable to update the plugin, you can temporarily disable the vulnerable actions by adding a manual authentication check within the wt_mgdp_secure_call() function in the plugin's PHP code:

// Add authentication check as mitigation
function wt_mgdp_secure_call()
{
    // Adding basic authentication check
    if (!current_user_can('manage_options')) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }

    wt_migrate_plugin::prepare_direct_migration();
}
add_action('wp_ajax_mg_dp_migration', 'wt_mgdp_secure_call');

This temporary fix will ensure that only users with administrative privileges can access the functions, thus preventing unauthorized access.
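
A capability check alone does not cover the CSRF path described earlier: a request forged through an administrator's browser carries that administrator's session, so current_user_can('manage_options') still passes. The handler below pairs the capability check with a nonce check. It is an added example, not WebToffee's patch or code from the original post; the nonce action name and the helper wt_mgdp_nonce_for_admin_page() are hypothetical, while the hook name and the migration call are the ones shown above.

```php
<?php
// Added example: not the plugin's code and not WebToffee's 1.4.2 patch.
// Hypothetical: the nonce action name and wt_mgdp_nonce_for_admin_page().
// From the post: the hook name and prepare_direct_migration().
const WT_MGDP_NONCE_ACTION = 'wt_mgdp_direct_migration';

function wt_mgdp_secure_call()
{
    // CSRF defence: the request must carry a nonce issued to this user's
    // session. A forged cross-site request has no way to read one.
    // Third argument false: return the result instead of dying with -1,
    // so the handler can answer with an explicit 403.
    if (!check_ajax_referer(WT_MGDP_NONCE_ACTION, 'nonce', false)) {
        wp_send_json_error(array('message' => 'Invalid or missing nonce.'), 403);
    }

    // Authorization: only site administrators may start a migration.
    // wp_send_json_error() terminates the request after sending the reply.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Insufficient permissions.'), 403);
    }

    wt_migrate_plugin::prepare_direct_migration();
}

// Logged-in users only. Do not register a wp_ajax_nopriv_ counterpart,
// which would expose the handler to visitors who are not logged in.
add_action('wp_ajax_mg_dp_migration', 'wt_mgdp_secure_call');

// Hypothetical helper: the admin screen that triggers the migration embeds
// this value and sends it back as the "nonce" request parameter.
function wt_mgdp_nonce_for_admin_page()
{
    return current_user_can('manage_options')
        ? wp_create_nonce(WT_MGDP_NONCE_ACTION)
        : '';
}
```

As with the temporary fix above, this replaces the existing function body inside the plugin file and is overwritten by the next plugin update.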

Conclusion

As illustrated in this post, the CVE-2023-45636 missing authorization vulnerability in the WebToffee WordPress Backup & Migration plugin can lead to unauthorized access to sensitive functions, exposing user data and allowing potential attackers to wreak havoc within your WordPress site.

To mitigate this high-severity vulnerability, it is critical to update your plugin to the latest patched version, preferably 1.4.2 or newer. Organizations should regularly audit their website plugins and ensure they are up-to-date to minimize potential security risks.

For more details about the CVE-2023-45636 vulnerability and other related information, you can refer to the following resources:

- National Vulnerability Database - CVE-2023-45636
- WebToffee Changelog
- WordPress Plugin Repository - WebToffee WordPress Backup & Migration

Timeline

Published on: 01/02/2025 12:15:09 UTC