CVE CyberSecurity Database News

CVE-2023-45658 - Missing Authorization in POSIMYTH Nexter (n/a - 2..3) — Exploit Details & Mitigation

Poster -

Summary:
POSIMYTH Nexter, a popular WordPress theme, was found to have a missing authorization vulnerability (CVE-2023-45658) up to version 2..3. This flaw lets malicious users take unauthorized actions, possibly leading to privilege escalation, data leaks, or site compromise. In this article, we’ll break down what went wrong, show code snippets, and provide practical advice to stay secure.

What is POSIMYTH Nexter?

Nexter Theme is a lightweight, customizable WordPress theme from POSIMYTH Innovations, popular for its flexibility and integration with site builders. Having a vulnerability in such a central component is a serious concern for thousands of WordPress site owners.

What Does “Missing Authorization” Mean?

It means the code does not properly check if a user is allowed to perform a certain action. As a result, anyone — including non-logged-in users — can trigger sensitive operations.

Suppose there’s sensitive functionality accessible through an AJAX call

add_action('wp_ajax_nexter_update_settings', 'nexter_update_settings_function');
function nexter_update_settings_function() {
    // No authentication or authorization checks here!
    // Any user can call this function and update settings!
    
    $new_setting = $_POST['site_title'];
    update_option('blogname', sanitize_text_field($new_setting));
    echo json_encode(['status' => 'success']);
    wp_die();
}

Key Problem:
There’s no check like current_user_can('manage_options') or is_user_logged_in() before executing sensitive changes.

With the above code, an attacker just needs to POST to /wp-admin/admin-ajax.php

curl -X POST -d "action=nexter_update_settings&site_title=HACKED" https://targetsite.com/wp-admin/admin-ajax.php

No authentication is required — total control over some site settings!

How Was This Discovered?

The issue was reported and tracked as CVE-2023-45658.
Official advisory: https://wordpress.org/plugins/nexter-addon/#developers

Update Nexter immediately to version 2..4 or later

- Changelog/Downloads

If you have to patch manually before updating, always check user capabilities

function nexter_update_settings_function() {
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['error' => 'Unauthorized'], 403);
        wp_die();
    }
    
    $new_setting = $_POST['site_title'];
    update_option('blogname', sanitize_text_field($new_setting));
    echo json_encode(['status' => 'success']);
    wp_die();
}

Know your version. In WordPress Admin, go to *Appearance > Themes* and check Nexter’s version.

2. Look for custom code registering AJAX functions with add_action('wp_ajax_') or add_action('wp_ajax_nopriv_') — if they lack checks, you might be at risk.

Conclusion

CVE-2023-45658 is a serious reminder to always validate user permissions, especially in themes and plugins. If you’re using POSIMYTH Nexter, update now. Site owners should regularly review code for “who can do what” logic.

Stay up to date:
- Nexter at WordPress.org
- National Vulnerability Database: CVE-2023-45658

Need help?
Check your logs for suspicious requests, or contact a security professional if you think your site was hit.


References:
- CVE-2023-45658 at NVD
- Nexter WordPress Theme
- WordPress AJAX Security Guide

Timeline

Published on: 06/19/2024 12:15:10 UTC
Last modified on: 06/20/2024 15:53:59 UTC