Description

WordPress Plugin Passster Age Gate is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently perform a variety of the plugin's actions or even take over a website. WordPress Plugin Passster Age Gate version 4.0.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.0.7 or latest

References

https://www.pluginvulnerabilities.com/2019/02/26/hackers-are-probably-already-exploiting-this-authenticated-option-update-vulnerability-just-fixed-in-freemius/

https://github.com/Freemius/wordpress-sdk/commit/50a7ca3d921d59e1d2b39bb6ab3c6c7efde494b8

https://plugins.svn.wordpress.org/content-warning-v2/trunk/readme.txt

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-1717)

WordPress Plugin SiteGuard WP Information Disclosure (1.7.6)

WordPress Plugin Dynamic Featured Image Unspecified Vulnerability (1.0.3)

WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.6.7)

WordPress Plugin Affiliates Manager Cross-Site Scripting (2.8.9)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass