CVE-2023-47761 - Missing Authorization Vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks: Exploiting Incorrectly Configured Access Control Security Levels

A recent vulnerability labelled as CVE-2023-47761 has been identified, which affects the popular WordPress plugin - Simple 301 Redirects by BetterLinks. This plugin, developed by WPDeveloper, is widely used for managing URL redirections in a WordPress-based website. Simple 301 Redirects by BetterLinks versions from n/a through 2..7 are impacted by a Missing Authorization vulnerability, which allows attackers to exploit incorrectly configured access control security levels. In this article, we will discuss the details of this vulnerability, including the affected code snippets, original references, and exploit details.

Vulnerability Details

The Missing Authorization vulnerability in Simple 301 Redirects by BetterLinks stems from incorrectly configured access control security levels. An attacker can exploit this issue to potentially make unauthorized changes to the plugin settings, leading to harmful redirections and compromising the integrity of the affected website.

The problematic code snippet in the plugin can be seen in the 'admin/class-simple301redirects-admin.php' file, where the 'run' function is missing the proper authorization checks. The non-inclusion of these checks allows any user - even those with low-level privileges - to access and modify the plugin settings, resulting in a security breach.

Here's the problematic code snippet from the 'admin/class-simple301redirects-admin.php' file

public function run()
{
    if (isset($_POST['submit'])) {
        $this->plugin->options->save_options();
    }
}

The above code snippet needs proper authorization checks to ensure that only authorized users can modify plugin settings.

Solution

To mitigate this vulnerability, WPDeveloper has released a patch in version 2..8 of Simple 301 Redirects by BetterLinks. Upgrading to this version will address the Missing Authorization vulnerability and secure your WordPress installation from potential exploits.

As a best practice, it is recommended to always update and maintain the latest version of WordPress plugins to ensure website security.

Original References

- NIST National Vulnerability Database (NVD) - CVE-2023-47761
- WPVulnDB - Missing Authorization vulnerability in Simple 301 Redirects by BetterLinks

Exploit Details

An attacker can exploit this vulnerability by sending a POST request with the modified plugin settings to the 'admin/class-simple301redirects-admin.php' file. This can be done using a tool like cURL or Postman. Here's an example of a malicious POST request:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "submit=1&new_setting_value=malicious_value" https://example.com/wp-admin/admin.php?page=simple301redirects-admin

This request will modify the plugin settings without any proper authorization, leading to the Missing Authorization vulnerability being exploited.

Conclusion

In summary, users of Simple 301 Redirects by BetterLinks plugin with versions from n/a through 2..7 are advised to immediately update to version 2..8 or later to address the Missing Authorization vulnerability (CVE-2023-47761). It is also a good practice to regularly update all WordPress plugins to their latest versions to ensure the security and integrity of your website.

Timeline

Published on: 12/09/2024 13:15:29 UTC