VYPR
Medium severity · 5.3 · NVD Advisory · Published Jun 11, 2026

CVE-2023-40200

Description

The plugin lacks proper authorization checks, allowing unauthenticated attackers to modify or access settings via user-controlled keys.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The WP Logo Showcase Responsive Slider and Carousel plugin for WordPress, versions n/a through 3.6, contains an authorization bypass caused by a missing or incorrect access control check. A settings handler accepts a user-controlled key (for example, a request parameter) and uses it to read or modify protected settings without verifying the caller's privileges. This is a textbook Broken Access Control weakness, and every site running an affected version is exposed [1].

Exploitation

An attacker exploits the flaw by sending crafted HTTP requests to the WordPress site that carry the setting key (and, for writes, its value) in a user-controlled parameter; because the handler never confirms that the caller holds the relevant capability, the request is honoured. No authentication, special privileges or user interaction is needed; network reachability of the vulnerable site is sufficient [1].
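The following PHP is an added illustration of the bug class described above and of its fix; it is not the plugin's own code. The hook names (lsc_save_setting, lsc_save_setting_secure), the option names in the allowlist and the key/value parameter names are hypothetical stand-ins. The vulnerable handler is registered on a wp_ajax_nopriv_ hook, so anonymous requests reach it, and it passes a request-supplied key straight to get_option/update_option. The hardened handler drops the nopriv registration, checks the manage_options capability, verifies a nonce, and maps the client-supplied key through an allowlist, which goes slightly beyond the advisory: even an administrator should never be able to choose an arbitrary option key, because that turns a plugin settings endpoint into a write primitive for every option on the site.

```php
<?php
/**
 * Added example (not the plugin's code). Hook names, option names and
 * request parameters are hypothetical; only the WordPress API calls are real.
 */

// --- Vulnerable pattern -----------------------------------------------------
// Reachable without authentication (wp_ajax_nopriv_), no capability check,
// no nonce, and the option key itself comes from the request.
add_action( 'wp_ajax_nopriv_lsc_save_setting', 'lsc_save_setting_vulnerable' ); // hypothetical hook
add_action( 'wp_ajax_lsc_save_setting',        'lsc_save_setting_vulnerable' );

function lsc_save_setting_vulnerable() {
    // The caller controls both the key and the value.
    $key   = isset( $_POST['key'] )   ? $_POST['key']   : '';
    $value = isset( $_POST['value'] ) ? $_POST['value'] : '';

    if ( '' === $value ) {
        // Read path: discloses whatever option name the caller asks for.
        wp_send_json( get_option( $key ) );
    }
    // Write path: overwrites whatever option name the caller asks for.
    update_option( $key, $value );
    wp_send_json_success();
}

// --- Hardened version -------------------------------------------------------
// Only these option names may be touched through this endpoint (hypothetical names).
const LSC_ALLOWED_SETTINGS = array( 'lsc_slides_per_view', 'lsc_autoplay' );

// No wp_ajax_nopriv_ registration: anonymous requests never reach the handler.
add_action( 'wp_ajax_lsc_save_setting_secure', 'lsc_save_setting_secure' );

function lsc_save_setting_secure() {
    // 1. Authorization: the caller must hold the capability that guards plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF protection: the request must carry a nonce issued for this action
    //    (check_ajax_referer() terminates the request on failure).
    check_ajax_referer( 'lsc_save_setting', 'nonce' );

    // 3. Never let the client pick the option key; normalise it and match it
    //    against the allowlist with strict comparison.
    $key = isset( $_POST['key'] ) ? sanitize_key( wp_unslash( $_POST['key'] ) ) : '';
    if ( ! in_array( $key, LSC_ALLOWED_SETTINGS, true ) ) {
        wp_send_json_error( 'unknown setting', 400 );
    }

    // 4. Sanitise the value for the specific setting before storing it.
    $raw   = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    $value = ( 'lsc_autoplay' === $key ) ? (bool) $raw : absint( $raw );

    update_option( $key, $value );
    wp_send_json_success( array( $key => $value ) );
}
```

When reviewing a plugin for this weakness, look for every wp_ajax_nopriv_, admin_post_nopriv_ and REST route registration and confirm that each handler both checks a capability and refuses keys it did not expect; a capability check alone is not enough if the option name still comes from the request.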

Impact

Successful exploitation allows unauthorized modification of plugin settings, disclosure of sensitive configuration data, or other actions normally reserved for administrators. This compromises the integrity and confidentiality of the WordPress installation and can open the door to follow-on attacks. CVSS base score: 5.3 (Medium) [1].

Mitigation

The vulnerability is fixed in plugin version 3.7; update to 3.7 or later without delay. The reference lists no other workaround. Patchstack users can apply a mitigation rule that blocks attack traffic until the update is installed, and can enable auto-updates for vulnerable plugins [1].

[1] Patchstack advisory

AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE. Mechanics are generated only when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 1

News mentions: 0

No linked articles in our index yet.