CVE-2024-0975: WordPress Access Control Plugin Sensitive Information Exposure via REST API up to version 4..13

For all the WordPress users out there, especially those who use the WordPress Access Control plugin, we've come across an important security vulnerability that you should be aware of. The plugin's 'Make Website Members Only' feature can be bypassed by unauthorized attackers, thereby allowing them access to sensitive information they should not have. This vulnerability is known as CVE-2024-0975 and affects all versions of the plugin up to and including 4..13. In this blog post, we'll delve into the details of this vulnerability and how to safeguard your website content with version 4..13 or later.

What's the issue?

The Access Control plugin for WordPress has a feature called "Make Website Members Only," which, when enabled, should restrict certain page and post content to registered users only. However, an issue in the plugin allows unauthenticated users to retrieve restricted content through a REST API (Application Programming Interface) call by bypassing the plugin's access control mechanism.

This issue affects all versions of the WordPress Access Control plugin up to and including 4..13. Consequently, it makes it possible for unauthorized users to access sensitive information that should ideally be confined to members only.

Exploit Details

To better understand the exploit, let's take a look at it in action through a simple code snippet. The following Python code demonstrates how to exploit the vulnerability:

import requests

# Replace 'yourwebsite.com' with your WordPress site's URL
url = "https://yourwebsite.com/wp-json/wp/v2/posts";
response = requests.get(url)

if response.status_code == 200:
    for post in response.json():
        print(post["title"]["rendered"])
else:
    print("Error retrieving posts")

As shown in the code, attackers use the /wp-json/wp/v2/posts REST API endpoint to access a list of posts, including those that should only be accessible for registered users. This can happen regardless of whether the "Make Website Members Only" feature is enabled or not.

For original references and more information on CVE-2024-0975, please visit the following links

1. WordPress Access Control Plugin Vulnerability Announcement
2. CVE-2024-0975 Vulnerability Details
3. WordPress REST API Documentation

How to fix the vulnerability?

Fortunately, the plugin's developer has released version 4..14 to address this issue. If you are using the Access Control plugin, we strongly urge you to update the plugin to version 4..14 or later to protect your website content from unauthorized access. To update, simply navigate to your WordPress dashboard, go to the 'Plugins' section, and click on 'Update' next to the Access Control plugin.

In conclusion, it's essential to be aware of vulnerabilities like CVE-2024-0975 and regularly update your plugins. By updating to the latest version of the Access Control plugin, you can rest assured that the sensitive content on your WordPress site remains secure and accessible only to registered users. Always stay informed and protect your website from potential cyber threats.

Timeline

Published on: 02/28/2024 09:15:42 UTC
Last modified on: 02/28/2024 14:06:45 UTC