We've uncovered a security vulnerability in the popular Funnelforms Free WordPress plugin that affects versions up to and including 3.4. Because of this vulnerability, attackers with subscriber-level permissions can modify certain post values, which may have malicious implications for websites using the plugin. Below we share the details of the vulnerability, the relevant code snippet, and important references, so that users can protect their sites against this exploit.

Vulnerability Details

The core issue in the Funnelforms Free plugin lies within the "fnsf_af2_save_post" function, which is prone to unauthorized modification of data. The function lacks essential capability checks, which makes it possible for attackers with even minimal permissions to exploit this vulnerability. Although the scope of the modification is limited due to the fixed values passed to the "wp_update_post" function, this still poses a significant threat to website security.

The vulnerable function in question is shown below:

function fnsf_af2_save_post( $post_id, $post ) {
    // ...code to retrieve and process posted data...

    // Missing capability check here

    $newsletters_args = array(
        'ID'           => $post_id,
        'post_title'   => $newsletter_title,
        'post_content' => $newsletter_content,
    );
    
    // Update the post into the database
    $post_id = wp_update_post( $newsletters_args );

    // ...code to save additional post metadata...
}

As you can see, no capability check runs before the post data is updated, which allows low-privileged users to make changes.
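
A hardened version of the same handler, as an added example (not the plugin's actual patch and not code from the original advisory). The function name, the nonce field and action, the $_POST keys and the save_post registration are assumptions made for illustration.

```php
<?php
// Added example: hardened variant of the handler shown above.
// Hypothetical names: fnsf_af2_save_post_hardened, the 'fnsf_af2_nonce' field,
// the 'fnsf_af2_save' nonce action, and the two $_POST keys.
// Assumption: the handler is registered on save_post, as its signature suggests.

function fnsf_af2_save_post_hardened( $post_id, $post ) {
    // Autosaves and revisions do not carry the form's fields.
    if ( wp_is_post_autosave( $post_id ) || wp_is_post_revision( $post_id ) ) {
        return;
    }

    // CSRF check: the request must carry a nonce minted for this action.
    $nonce = isset( $_POST['fnsf_af2_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['fnsf_af2_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'fnsf_af2_save' ) ) {
        return;
    }

    // Authorization check, the piece missing from the vulnerable function:
    // the current user must be allowed to edit this specific post.
    // Subscribers only hold the 'read' capability, so they stop here.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }

    // Sanitize submitted values before they reach wp_update_post().
    $newsletter_title = isset( $_POST['newsletter_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['newsletter_title'] ) )
        : '';
    $newsletter_content = isset( $_POST['newsletter_content'] )
        ? wp_kses_post( wp_unslash( $_POST['newsletter_content'] ) )
        : '';

    $newsletters_args = array(
        'ID'           => $post_id,
        'post_title'   => $newsletter_title,
        'post_content' => $newsletter_content,
    );

    // wp_update_post() fires save_post again, so unhook to avoid recursion.
    remove_action( 'save_post', 'fnsf_af2_save_post_hardened', 10 );
    wp_update_post( $newsletters_args );
    add_action( 'save_post', 'fnsf_af2_save_post_hardened', 10, 2 );
}
add_action( 'save_post', 'fnsf_af2_save_post_hardened', 10, 2 );
```

The nonce and the capability check cover different failures: the nonce ties the request to a form the site issued, while current_user_can() decides whether this user may change this post at all.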

Exploit Reference

For an in-depth description of the vulnerability and its exploitation, you could refer to the original advisory posted by Redacted Security Researcher who discovered this vulnerability. To mitigate this vulnerability for your WordPress site, it's recommended to update the Funnelforms Free plugin to the latest version, which incorporates the necessary fixes.

Conclusion

CVE-2023-5411 highlights the significance of strong security practices in plugin development and draws attention to a critical vulnerability in the Funnelforms Free plugin for WordPress. By sharing this information, we hope to enable users to secure their websites and protect them against potential attacks. Make sure to update your Funnelforms Free plugin to the latest version to mitigate this vulnerability. If you're a developer, always perform thorough security assessments and incorporate necessary security measures in your code. Users should exercise caution when installing third-party plugins and ensure their websites are regularly updated and maintained.

Timeline

Published on: 11/22/2023 16:15:12 UTC
Last modified on: 11/27/2023 20:15:34 UTC