CVE-2021-25032 Scanner
CVE-2021-25032 Scanner - Missing Authorization vulnerability in PublishPress Capabilities
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 15 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
PublishPress Capabilities is a popular WordPress plugin used by site administrators to manage user roles and permissions on their websites. It provides fine-grained control over capabilities, allowing customization of access rights for different users. The plugin is widely used to enhance the default WordPress user management system, ensuring that content and administrative privileges are assigned appropriately. WordPress site owners and developers rely on this plugin to maintain security and operational integrity of their sites. The plugin is actively maintained and updated to fix bugs and security issues. Users are encouraged to keep it updated to the latest versions to avoid vulnerabilities.
The vulnerability stems from a settings-update routine that the plugin hooked to WordPress's init action. That hook fires on every request, including requests from visitors who are not logged in, and the routine performed neither a capability (authorization) check nor a nonce (CSRF) check before saving. An unauthenticated attacker can therefore write arbitrary WordPress options. The most damaging target is the default_role option: setting it to administrator means every newly registered account is created as an administrator, and because any option can be written, an attacker can also switch on users_can_register if open registration is disabled. In effect, the normal access controls on site configuration are bypassed entirely. The issue was fixed in PublishPress Capabilities 2.3.1.
The exploit is a crafted POST request to the /wp-admin/admin.php endpoint carrying the parameters of the pp-capabilities-settings page. No session cookie, capability or nonce is needed, because init runs before WordPress's admin authentication redirect and the handler itself checked nothing. The scanner confirms exposure by sending such a request and inspecting subsequent HTTP responses for evidence that the default role is now Administrator, which demonstrates that the change was applied without authorization. Because the confirmation depends on the option actually having been changed, a positive result on a live site should be followed by resetting the default role.
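The pattern described above, shown as an added illustration rather than PublishPress Capabilities' own code: a settings handler on init that writes whatever it is posted, next to a hardened version with the checks that were missing. The function names, the settings field names, the nonce field pp_settings_nonce and the option allowlist are assumptions for this example.

```php
<?php
/*
 * Added example, not the plugin's code. The 'pp-capabilities-settings'
 * trigger field is taken from the description above; every other name
 * (functions, nonce field, allowed option keys) is an assumption.
 * Both handlers are shown side by side; a real plugin registers one.
 */

// VULNERABLE: 'init' fires on every request, logged in or not. The only
// gate is the presence of a POST field, so any remote client reaches
// update_option() with keys of its choosing, including 'default_role'
// and 'users_can_register'.
function example_vulnerable_save_settings() {
    if ( empty( $_POST['pp-capabilities-settings'] ) ) {
        return;
    }
    // No current_user_can(), no nonce check, no allowlist of keys.
    foreach ( (array) $_POST['settings'] as $key => $value ) {
        update_option( sanitize_key( $key ), $value );
    }
}
add_action( 'init', 'example_vulnerable_save_settings' );

// HARDENED: the same handler with authorization, CSRF and allowlist checks.
// Moving it to 'admin_init' is not a fix on its own: admin_init is also
// reachable without a login (admin-ajax.php, admin-post.php), so the
// explicit checks below are what actually close the hole.
function example_hardened_save_settings() {
    if ( empty( $_POST['pp-capabilities-settings'] ) ) {
        return;
    }
    // 1. Authorization: the caller must be allowed to change options.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // 2. CSRF: the form must carry a nonce for this action and user.
    //    The form side emits it with
    //    wp_nonce_field( 'pp_settings_save', 'pp_settings_nonce' );
    //    check_admin_referer() terminates the request on failure.
    check_admin_referer( 'pp_settings_save', 'pp_settings_nonce' );

    // 3. Allowlist: only the plugin's own options may be written, never
    //    arbitrary WordPress core options such as 'default_role'.
    $allowed = array(
        'pp_capabilities_example_setting_a', // assumed option name
        'pp_capabilities_example_setting_b', // assumed option name
    );
    foreach ( (array) $_POST['settings'] as $key => $value ) {
        $key = sanitize_key( $key );
        if ( in_array( $key, $allowed, true ) ) {
            update_option( $key, sanitize_text_field( wp_unslash( $value ) ) );
        }
    }
}
add_action( 'admin_init', 'example_hardened_save_settings' );
```

The order of the checks matters in one respect: current_user_can() runs first so that an anonymous request is dropped silently, while a logged-in request with a bad nonce is stopped by check_admin_referer(). The allowlist is what prevents a future authorization bug from turning back into an arbitrary options write.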
Successful exploitation leads to complete site takeover: once the default role is administrator, the attacker simply registers an account and receives full privileges. From there they can add, remove or modify content, install malicious plugins, read user data, and disrupt the site, so integrity, confidentiality and availability are all lost. Remediation is to update the plugin to 2.3.1 or later, then verify that default_role has not been changed, disable user registration unless it is needed, review every administrator account (especially those registered after the plugin was installed), and rotate credentials for any account that may have been exposed.
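A post-exposure audit of the settings named above, as an added example that is neither the scanner's nor the plugin's code. It is meant to run inside WordPress (for instance with `wp eval-file audit-default-role.php`); the function name and the wording of the findings are assumptions.

```php
<?php
/*
 * Added example: audit the options this vulnerability is used to change
 * and list the administrator accounts that would have been created as a
 * result. Read-only; it reports findings and changes nothing.
 * Assumes it is executed inside a loaded WordPress (e.g. wp eval-file).
 */
function example_audit_default_role() {
    $findings = array();

    // The option the attack targets: new accounts must not become admins.
    $default_role = get_option( 'default_role' );
    if ( 'administrator' === $default_role ) {
        $findings[] = "default_role is 'administrator'; reset it, e.g. to 'subscriber'";
    } else {
        $findings[] = sprintf( "default_role is '%s'", $default_role );
    }

    // Open registration turns a bad default_role into self-service admin access.
    if ( '1' === (string) get_option( 'users_can_register' ) ) {
        $findings[] = 'users_can_register is enabled; disable it unless the site needs it';
    }

    // Every administrator, with registration time, so that accounts created
    // during the exposure window stand out.
    $admins = get_users( array(
        'role'   => 'administrator',
        'fields' => array( 'ID', 'user_login', 'user_email', 'user_registered' ),
    ) );
    foreach ( $admins as $admin ) {
        $findings[] = sprintf(
            'administrator #%d %s <%s> registered %s',
            $admin->ID,
            $admin->user_login,
            $admin->user_email,
            $admin->user_registered
        );
    }
    return $findings;
}

foreach ( example_audit_default_role() as $line ) {
    echo $line, PHP_EOL;
}
```

Any administrator whose user_registered timestamp falls after the plugin was installed and before it was updated to 2.3.1 should be treated as attacker-created until proven otherwise, and the site's other options are worth comparing against a known-good backup, since the write was not limited to default_role.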