Houzez Vulnerability: 46,000 Websites at Risk of Takeover

PatchStack researchers have revealed details of critical security flaws.

Two vulnerabilities have been discovered in the Houzez WordPress theme, as well as in the associated Login Register plugin, threatening the security of more than 46,000 websites.

Researchers from PatchStack found that these security flaws allow attackers to gain unauthorized access and escalate their privileges on the site. Even though these issues have already been fixed, they can still threaten the security of WordPress sites where the aforementioned extensions have not yet been updated to the latest version.

The main vulnerability is a privilege escalation vulnerability in the Houzez theme. It allows unauthenticated attackers to gain access to administrator functions by sending specific HTTP requests. The problem is related to insufficient verification of access rights when processing user data, especially when resetting a password. The vulnerability was assigned the identifier CVE-2024-22303.

PatchStack specialists explain that in the affected versions, although the nonce token check was present, it could be obtained by any user with the "Subscriber" role. If registration was enabled on the site, the attacker could create an account and gain access to the password change token.

In addition, a similar problem was found in the Login Register plugin. The vulnerability, identified as CVE-2024-21743, could allow unauthorized users to change the email addresses of other accounts, which could lead to account takeover.

In order to solve the security problems described above, the developers have released patches for both Houzez and Login Register. Users are advised to update to version 3.3.0 or higher, where additional role checks have been introduced and the affected feature has been removed.

PatchStack also emphasizes the importance of strict user data checks when using WordPress features such as wp_update_user() and update_user_meta().
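The pattern behind both bugs, a nonce check standing in for an authorization check on a user-data update, as an added illustration that is not Houzez's, Login Register's or PatchStack's code (the handler and action names are hypothetical):

```php
<?php
// Added illustrative example: a WordPress AJAX handler that changes an
// account's e-mail, first in the weak shape the advisory describes, then
// hardened. A nonce only proves the request came from a page the site served
// to some logged-in user; it says nothing about which account may be edited.

// Weak: nonce-only check. Any account able to load the page (a Subscriber on
// a site with open registration) can obtain the nonce and pick any user_id.
function hypothetical_update_email_weak() {
    check_ajax_referer( 'update_profile', 'security' );

    $user_id = (int) $_POST['user_id'];
    $email   = sanitize_email( $_POST['email'] );

    wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    wp_send_json_success();
}

// Hardened: nonce, login check, capability check, and the target account is
// always the caller's own rather than a client-supplied user_id.
function hypothetical_update_email_hardened() {
    check_ajax_referer( 'update_profile', 'security' );

    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    $user_id = get_current_user_id();
    $email   = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );

    if ( ! is_email( $email ) ) {
        wp_send_json_error( 'invalid e-mail address', 400 );
    }
    // edit_user is the meta capability WordPress itself checks on profile edits.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Refuse to collide with another account's address.
    $owner = email_exists( $email );
    if ( $owner && (int) $owner !== $user_id ) {
        wp_send_json_error( 'e-mail address already in use', 409 );
    }

    $result = wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success();
}

add_action( 'wp_ajax_hypothetical_update_email', 'hypothetical_update_email_hardened' );
```

The same rule applies to update_user_meta(): derive the target user from the session and check current_user_can() for that user before writing, rather than trusting an ID from the request.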
