An Insecure Direct Object References (IDOR) vulnerability has been identified in the WordPress Simplr Registration Form Plus+ Plugin. This vulnerability could allow a malicious actor to bypass authorization and authentication, access sensitive files or folders, or interact with the database.
This vulnerability was discovered and responsibly reported by Lana Codes.
The flaw, located in the simplr-registration-form-plus.php file, lies in the way the plugin handles user input and allows an attacker to bypass authorization and authentication.
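To make the vulnerability class concrete for developers reviewing their own plugins, the following is an added illustration of an IDOR pattern in a WordPress-style handler together with its hardened form. It is not code from the Simplr Registration Form Plus+ plugin and does not describe that plugin's actual code path; the handler names, the `user_id` and `email` fields and the nonce action name are hypothetical, while the WordPress API calls (`current_user_can`, `check_ajax_referer`, `wp_update_user`, and so on) are real core functions.

```php
<?php
// Added illustration of the IDOR vulnerability class in a WordPress-style
// handler. This is NOT code from the Simplr Registration Form Plus+ plugin;
// the function names, request fields and nonce action are hypothetical.

// Vulnerable pattern: a user-supplied ID is trusted as-is. Any requester can
// read or change another user's record simply by changing the "user_id"
// parameter, because nothing ties the object to the authenticated session.
function example_update_profile_vulnerable() {
    $user_id = (int) $_POST['user_id'];
    $email   = sanitize_email( wp_unslash( $_POST['email'] ) );
    // No check that the requester owns $user_id or is allowed to edit users.
    wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
}

// Hardened pattern: require an authenticated session, verify a nonce to block
// cross-site request forgery, and require an explicit capability before
// acting on any record other than the requester's own.
function example_update_profile_hardened() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Authentication required', '', array( 'response' => 401 ) );
    }

    // 'example_profile_nonce' is a hypothetical nonce action name.
    check_ajax_referer( 'example_profile_nonce', '_wpnonce' );

    $requested_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;
    $current_id   = get_current_user_id();

    // The requester may only act on their own record unless they hold the
    // core 'edit_users' capability (granted to administrators by default).
    if ( $requested_id !== $current_id && ! current_user_can( 'edit_users' ) ) {
        wp_die( 'Not allowed', '', array( 'response' => 403 ) );
    }

    $email = sanitize_email( wp_unslash( $_POST['email'] ) );
    if ( ! is_email( $email ) ) {
        wp_die( 'Invalid email address', '', array( 'response' => 400 ) );
    }

    wp_update_user( array( 'ID' => $requested_id, 'user_email' => $email ) );
}
```

The design point is that the object reference (`user_id`) is never the authorization decision by itself: the hardened handler derives the allowed object from the session (`get_current_user_id()`) and only widens that scope when a capability check passes. When auditing a plugin for this class of bug, look for handlers that read an ID from the request and pass it straight to a data-access call without an ownership or capability check in between.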
Severity:
The IDOR vulnerability has a CVSS 3.1 score of 8.8, which is considered to be high. It demands immediate attention due to the substantial risk it poses to the website’s security and integrity.
Affected Versions:
At the time of writing, no patched version is available to address the IDOR vulnerability in the Simplr Registration Form Plus+ Plugin. Consequently, websites using this plugin remain at elevated risk of attack.
Impact:
An attacker who successfully exploits this vulnerability could:
- Bypass authorization and authentication to access sensitive information, such as user data, database credentials, and configuration files.
- Modify or delete sensitive data.
- Execute arbitrary code on the website.
- Take full control of the website.
Recommendation:
Users of the Simplr Registration Form Plus+ Plugin are strongly advised to uninstall the plugin until a patched version is released.