A critical Broken Access Control vulnerability has been discovered in the WooCommerce Warranty Requests plugin, posing significant risks to WordPress security and exposing websites to potential malware threats. This vulnerability allows unauthorized access to restricted resources, enabling attackers to exploit sensitive data or perform unauthorized actions. The security flaw was identified and reported by Rafie Muhammad of Patchstack. By exploiting the vulnerability in the warranty-requests.php file, attackers can manipulate URLs to access resources beyond their authorization. To safeguard against potential exploits, users of the WooCommerce Warranty Requests plugin are strongly advised to update to version 2.2.0 immediately, as it includes vital fixes to mitigate the vulnerability and enhance overall plugin security.
The Broken Access Control vulnerability in the WooCommerce Warranty Requests plugin enables attackers to gain unauthorized access to restricted resources by manipulating URLs and specifying the ID of a specific warranty request.
Severity:
With a CVSS 3.1 score of 7.5, the vulnerability is categorized as high severity, signifying its high likelihood of exploitation and significant impact on affected systems.
Affected Versions:
The vulnerability affects WooCommerce Warranty Requests versions up to and including 2.1.9, leaving users of older versions vulnerable to potential attacks.
Impact:
Exploiting this vulnerability allows attackers to view or modify sensitive data, create or delete arbitrary warranty requests, and perform other unauthorized actions.
Recommendation:
To ensure robust WordPress security and mitigate potential risks, users of the WooCommerce Warranty Requests plugin running affected versions should update to version 2.2.0 immediately. Upgrading to the latest version is crucial to safeguard against unauthorized access and enhance overall plugin security.
