A critical Broken Access Control vulnerability has been identified in the WooODT Lite plugin. This vulnerability could allow an unprivileged user to execute certain higher privileged actions on the website.

Abdi Pranata discovered and reported this vulnerability.

This vulnerability is caused by a flaw in the way that the WooODT Lite plugin handles authorization and authentication checks. The vulnerability allows an attacker to exploit a flaw in the plugin’s code to execute certain higher privileged actions on the affected website.

Severity

Critical (CVSS 3.1 score of 8.8)

Affected Versions

All versions of the WooODT Lite plugin

Impact

If a malicious actor is able to exploit this vulnerability, they could:

  • Execute certain higher privileged actions on the website
  • Install and execute malicious plugins or themes
  • Steal data from your website, such as user information or passwords
  • Deface¬† website

Recommendation

In response to this critical security alert, consider the following actions:

  1. Deactivate and Uninstall the Plugin: Due to the high severity of this vulnerability and the absence of a patched version, it is strongly recommended to deactivate and completely uninstall the WooODT Lite Plugin from the WordPress site. Removing the plugin is a precautionary measure to mitigate the risk of exploitation.
  2. Seek Alternatives: Explore alternative plugins or solutions that can replace the functionality provided by WooODT Lite. The WordPress plugin ecosystem offers a wide range of options, and it’s essential to research and transition to a more secure alternative.
  3. Vigilance and Monitoring: Keep a watchful eye on the WordPress site for any unusual activities or unauthorized access. Regularly monitor and audit your site’s security to detect and respond to any potential breaches.
  4. Backup and Recovery Plan: Implement a robust backup and recovery strategy for the website. Backups can serve as a safety net in case of any security incidents or changes made to the site.
  5. WordPress Core and Plugin Updates: Ensure that WordPress core installation, as well as all other plugins and themes, are up to date. Regularly applying updates is fundamental to maintaining the site’s security.