CVE-2023-47760 - Missing Authorization Vulnerability in WPDeveloper Essential Blocks for Gutenberg Leads to Exploiting Incorrectly Configured Access Control Security Levels

---
The WPDeveloper Essential Blocks for Gutenberg WordPress plugin is a powerful set of customizable and extendable blocks to enhance Gutenberg's page-building capabilities. However, a critical vulnerability has been discovered affecting the plugin, allowing an attacker to exploit access control security levels with missing authorization checks. This vulnerability has been assigned as CVE-2023-47760 and impacts versions from N/A to 4.2.. In this post, we will discuss the technical details of this issue, how to reproduce it, and the potential risks associated with it.

Vulnerability Details

---
CVE-2023-47760 is a missing authorization vulnerability that allows malicious users to perform actions without the proper access control security levels. This issue occurs due to incorrect configuration and lack of authorization checks in the Essential Blocks plugin, allowing an attacker to gain admin-level privileges and access sensitive data on the platform. This exploit may lead to unintended data disclosure, unauthorized access, and potential damage to the affected website.

Technical Analysis

---
The vulnerability in WPDeveloper Essential Blocks for Gutenberg can be exploited using the following code snippet:

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
[...]

action=eb_whitelist_domain&eb_whitelist_nonce=INVALID_NONCE&content=["attacker-site.com"]

In this example, an attacker sends a POST request to the admin-ajax.php file with an invalid nonce, intending to add their domain to the whitelist. The plugin incorrectly allows this operation without checking if the current user has proper access control security level to perform this action. This enables the attacker to perform unauthorized actions and potentially compromise the affected website.

Exploit Procedure

---

To reproduce this vulnerability manually

1. Install the WPDeveloper Essential Blocks for Gutenberg plugin on a vulnerable WordPress site (versions N/A through 4.2.).
2. Use a tool like Burp Suite or a web browser's developer console to send a POST request similar to the example code snippet provided above.
3. Observe that the plugin allows the action to be performed without proper authorization checks, enabling unauthorized access.

Mitigation Strategies and Recommendations

---

To protect your website against CVE-2023-47760

* Update the WPDeveloper Essential Blocks for Gutenberg plugin to the latest version, which includes a patch addressing this vulnerability.
* If you cannot update the plugin immediately, consider disabling it until you can apply the necessary updates.
* Implement strict user roles and access control policies, limiting the permissions granted to WordPress users.
* Regularly review your website's plugins and ensure they are updated to their latest versions.

Original references

---
* WPDeveloper blog post about the vulnerability: Link
* Official CVE database entry for CVE-2023-47760: Link
* WPScan vulnerability database entry: Link

Conclusion

---
CVE-2023-47760 is a critical vulnerability in the WPDeveloper Essential Blocks for Gutenberg plugin that allows attackers to exploit incorrectly configured access control security levels. It is highly recommended that affected users update the plugin to the latest version as soon as possible to protect their WordPress sites. By following the recommended mitigation strategies, you can prevent unauthorized access and ensure the security of your website.

Timeline

Published on: 12/09/2024 13:15:29 UTC