SB2020010903 - Privilege escalation in Minimal Coming Soon & Maintenance Mode plugin for WordPress
Published: January 9, 2020
Security Bulletin ID
SB2020010903
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6166)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper permission check in the "is_admin()" function. A remote user can export the plugin settings as a .txt file or modify the theme of the maintenance page on a vulnerable site.
PoC:
/wp-admin/admin.php?action=csmm_export_settings&redirect=/wp-admin/
/wp-admin/admin.php?action=csmm_activate_theme&theme=minimal&redirect=/wp-admin/
Remediation
Install update from vendor's website.