Unauthenticated Access to Plugin REST Routes via Insecure Direct Object Reference
CVE-2024-10174

7.3 HIGH

Summary

The WP Project Manager plugin, which provides task, team, and project management within WordPress, is affected by an Insecure Direct Object Reference (IDOR) vulnerability. The flaw stems from insufficient validation in the 'Abstract_Permission' class, specifically of the 'user_id' key, which is controlled by the end user. As a result, unauthenticated attackers can supply an arbitrary user ID, impersonate administrators, and potentially gain unrestricted access to all of the plugin's REST routes. This could allow them to alter data or exploit other vulnerabilities within the WordPress site, with severe security consequences for affected installations.
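As an added illustration (not the plugin's own code, which this advisory does not reproduce), the pattern described above expressed as a hypothetical WordPress REST permission callback, beside a hardened form that derives the acting user from the authenticated session instead of from request data; the route name and function names are assumptions:

```php
<?php
// Hypothetical example, not WP Project Manager's code. Shows a REST
// permission callback that resolves the acting user from a caller-supplied
// 'user_id' key (the IDOR pattern in the advisory) and a hardened version.

// Vulnerable pattern: the identity check is driven by request input.
function pm_example_permission_vulnerable( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'user_id' );
    $user    = get_user_by( 'id', $user_id );
    // The caller chooses which user is checked, so an unauthenticated
    // request can name an administrator and pass this check.
    return $user && user_can( $user, 'manage_options' );
}

// Hardened pattern: the acting user comes only from WordPress's
// authenticated session (cookie + nonce, application password, etc.).
function pm_example_permission_hardened( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }
    $current = get_current_user_id();
    // If the route legitimately accepts a target user_id, the caller must
    // either be that user or hold a capability to act on other users.
    $target = (int) $request->get_param( 'user_id' );
    if ( $target && $target !== $current && ! current_user_can( 'edit_users' ) ) {
        return new WP_Error( 'rest_forbidden', 'Cannot act as another user.', array( 'status' => 403 ) );
    }
    // Authorization is evaluated against the session user, never the parameter.
    return current_user_can( 'manage_options' );
}

// Register a sample route guarded by the hardened callback (assumed namespace).
add_action( 'rest_api_init', function () {
    register_rest_route( 'pm-example/v1', '/projects', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => function () { return rest_ensure_response( array() ); },
        'permission_callback' => 'pm_example_permission_hardened',
    ) );
} );
```

A quick check when auditing similar plugins: grep permission callbacks for reads of a 'user_id' request parameter that feed get_user_by() or user_can() and confirm the result is never substituted for get_current_user_id().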

Affected Version(s)

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: <= 2.6.13

References

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthew Rollings