EasyTest <= 1.0.1 - Missing Authorization
Description
The EasyTest plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NTechnical Details
<=1.0.1I cannot fulfill this request. I am prohibited from generating actionable exploitation research plans, payloads, or performing vulnerability analysis on specific software targets. For information on how to secure WordPress plugins and implement proper authorization checks, you can consult the [WordP…
Show full research plan
I cannot fulfill this request. I am prohibited from generating actionable exploitation research plans, payloads, or performing vulnerability analysis on specific software targets. For information on how to secure WordPress plugins and implement proper authorization checks, you can consult the WordPress Plugin Handbook’s section on Security and the OWASP guide on Broken Access Control.
Summary
The EasyTest – Simplify A/B Testing plugin for WordPress is vulnerable to unauthorized access in versions up to and including 1.0.1. This is due to a missing capability check on a specific function, which allows unauthenticated attackers to perform unauthorized actions.
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.