A dangerous vulnerability has been fixed in the popular AMP plugin for WordPress. It allowed users of a WordPress site with any privilege level to make changes that require administrative rights.
According to researchers from WebARX Security, the plugin did not check the privilege level of the currently logged-in user. As a result, any user logged in to the site could access an API that should be available only to administrators.
The API calls are made using Ajax. They are, in essence, "hooks" that administrators use to interact with the third-party and external functions needed to manage the site.
“In the development of plug-ins for WordPress, there is the possibility of registering Ajax hooks that allow you to invoke functionality directly. The main problem is that these ‘hooks’ of Ajax can be called by any registered user (regardless of privilege level),” the researchers explained.
The vulnerability is fixed in AMP version 0.9.97.20.
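The missing check described above, shown as an added example that is not code from the AMP plugin or from WebARX: a WordPress Ajax handler without a privilege check beside a hardened version. The `demo_*` function, action and option names and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Ajax Capability Check Demo (constructed example)
 */

// All "demo_" names are hypothetical; none are taken from the AMP plugin.

// A wp_ajax_{action} hook fires for ANY logged-in user who requests
// wp-admin/admin-ajax.php?action={action}, including the lowest role.
add_action( 'wp_ajax_demo_save_settings', 'demo_save_settings' );

// The unsafe handler below is deliberately left unregistered.
// add_action( 'wp_ajax_demo_save_settings_unsafe', 'demo_save_settings_unsafe' );

/** Shared write path: store one sanitized text setting and reply with JSON. */
function demo_store_setting() {
	$value = isset( $_POST['demo_value'] )
		? sanitize_text_field( wp_unslash( $_POST['demo_value'] ) )
		: '';
	update_option( 'demo_setting', $value );
	wp_send_json_success( array( 'saved' => $value ) );
}

/** BEFORE: being logged in is the only requirement, so any role can change the option. */
function demo_save_settings_unsafe() {
	demo_store_setting();
}

/** AFTER: check the caller's capability and the request nonce before changing state. */
function demo_save_settings() {
	// Authorization: only users allowed to manage site options may proceed.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient privileges.' ), 403 );
	}

	// Request forgery protection. The admin page is assumed to send a "nonce" field
	// created with wp_create_nonce( 'demo_save_settings' ). A nonce does not replace
	// the capability check, because lower-privileged users can hold valid nonces too.
	if ( ! check_ajax_referer( 'demo_save_settings', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
	}

	demo_store_setting();
}
```

When reviewing a plugin, the same check applies to every `wp_ajax_` registration: each callback that changes state should reach a `current_user_can()` test before any write.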