CVE-2024-1653: Unauthorized Data Modification Vulnerability in Categorify Plugin for WordPress

Summary: The Categorify plugin for WordPress (versions 1..7.4 and below) is susceptible to unauthorized modification of data. This is due to a missing capability check on the categorifyAjaxUpdateFolderPosition function. The issue allows authenticated attackers, with a minimum of subscriber-level access, to update the folder position of categories and metadata of other taxonomies.

Exploit Details

The missing capability check in the Categorify plugin for WordPress created a vulnerability in the categorifyAjaxUpdateFolderPosition function. Authenticated attackers, with subscriber-level access or higher, can exploit this vulnerability to cause unauthorized data modification.

By having subscriber-level access, attackers can easily tamper with categories' folder positions and unrightfully change the metadata related to other taxonomies. Consequently, affected websites may experience information inconsistency or data corruption.

Affected versions of the Categorify plugin: all versions up to and including 1..7.4.

Here's an example of an affected part of the plugin code

`
function categorify_ajax_save(){
global $wpdb;
$table_name = $wpdb->prefix . "categorify";
check_ajax_referer( 'categorify-ajax' );

In the above code, the nonce is verified but no capabilities check is done to make sure the user has proper permissions like 'manage_categories'.

Solution

The Categorify plugin should be updated to the latest version that includes proper capability checks and mitigates this vulnerability. In case an update is not immediately available, users should consider disabling the plugin until a patched version is released.

Impact

Websites utilizing the affected versions of the Categorify plugin are vulnerable to unauthorized data modification. This can result in incorrect information display, broken links, or potential data corruption.

Original References

- WordPress Plugin Repository: Categorify
- Vulnerability Disclosure: CVE-2024-1653: WordPress Plugin Categorify <= 1..7.4 - Unauthenticated Data Modification (Update)

Conclusion

This post regarding the CVE-2024-1653 vulnerability highlights the importance of continuously updating plugins and staying informed about potential security risks. Subscribing to plugin updates, following security news, and applying recommended measures are crucial in maintaining a secure and reliable website.

Timeline

Published on: 02/27/2024 11:15:08 UTC
Last modified on: 02/27/2024 14:19:41 UTC