The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks any capability check (e.g., current_user_can('manage_options')) and does not verify a nonce. It directly queries the database for the e-shot API token stored in the eshotformbuilder_control table and returns it along with all subaccount data as a JSON response. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract the e-shot API token and subaccount information, which could then be used to access the victim's e-shot platform account.
The e-shot form builder WordPress plugin versions up to 1.0.2 contains a sensitive information exposure vulnerability in its AJAX handler that exposes API tokens and subaccount data to authenticated users without proper capability checks. Attackers with subscriber-level access can extract e-shot API credentials to compromise the victim's e-shot platform account.
تحتوي إضافة e-shot form builder للإصدارات حتى 1.0.2 على ثغرة في كشف المعلومات الحساسة حيث تقوم دالة AJAX بإرجاع رموز API وبيانات الحسابات الفرعية لأي مستخدم مصرح بدون التحقق من الصلاحيات أو التحقق من nonce. يمكن للمهاجمين الذين لديهم وصول على مستوى المشترك استخراج بيانات اعتماد e-shot واستخدامها للوصول غير المصرح به إلى حساب المنصة.
The e-shot form builder WordPress plugin versions up to 1.0.2 contains a sensitive information exposure vulnerability in its AJAX handler that exposes API tokens and subaccount data to authenticated users without proper capability checks. Attackers with subscriber-level access can extract e-shot API credentials to compromise the victim's e-shot platform account.
Update the e-shot form builder plugin to version 1.0.3 or later immediately. Implement capability checks using current_user_can('manage_options') in the eshot_form_builder_get_account_data() function. Add nonce verification to all AJAX handlers. Audit WordPress user accounts and revoke unnecessary subscriber-level access. Rotate e-shot API tokens if exposure is suspected. Monitor e-shot platform account activity for unauthorized access.
قم بتحديث إضافة e-shot form builder إلى الإصدار 1.0.3 أو أحدث فوراً. قم بتطبيق فحوصات الصلاحيات باستخدام current_user_can('manage_options') في دالة eshot_form_builder_get_account_data(). أضف التحقق من nonce لجميع معالجات AJAX. قم بمراجعة حسابات مستخدمي WordPress وإلغاء الوصول غير الضروري على مستوى المشترك. قم بتدوير رموز API الخاصة بـ e-shot إذا كان هناك اشتباه في التعرض. راقب نشاط حساب منصة e-shot للوصول غير المصرح به.