The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donate_action_status() AJAX handler, which is registered to be accessible to unauthenticated users via wp_ajax_nopriv. The function only validates that the schema parameter equals 'donate-ajax' and that the required POST parameters are present, but fails to verify user capabilities, nonce tokens, or donation ownership. This makes it possible for unauthenticated attackers to modify the status of any donation by providing its ID (which are sequential integers and easily enumerable), allowing them to mark donations as completed, pending, cancelled, or any arbitrary status, potentially triggering email notifications and related side effects.
FundPress WordPress donation plugin versions up to 2.0.8 contain an authorization bypass vulnerability in the AJAX donate_action_status handler that allows unauthenticated attackers to modify donation statuses. Attackers can enumerate sequential donation IDs and change statuses without proper verification, potentially triggering unwanted notifications and financial discrepancies.
The FundPress donation plugin for WordPress contains an authorization bypass vulnerability in the donate_action_status AJAX handler, which lacks authentication and capability checks. Unauthorized attackers can modify the status of any donation using sequential, easily enumerable IDs, which may lead to altered financial records and bogus notifications being sent.
The FundPress WordPress donation plugin up to version 2.0.8 has an authorization bypass flaw in its AJAX handler that permits unauthenticated users to alter donation statuses. Attackers can exploit sequential donation IDs to modify records and trigger side effects without proper authentication or authorization checks.
Update FundPress plugin to version 2.0.9 or later immediately. Implement proper nonce verification and user capability checks in AJAX handlers. Review and audit all AJAX endpoints registered with wp_ajax_nopriv for similar authorization issues. Consider implementing rate limiting on donation status modification endpoints.
Update the FundPress plugin to version 2.0.9 or later immediately. Apply proper nonce verification and user capability checks in AJAX handlers. Review all AJAX endpoints registered with wp_ajax_nopriv for similar authorization issues. Consider applying rate limiting to the donation status modification endpoints.
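As an added illustration (not FundPress code), the following is a status-update AJAX handler that performs the checks the advisory describes as missing: a nonce check, a capability/ownership check, and validation of the ID and status. The action name, post type, meta key and nonce action are assumed for the example; the real plugin's data model may differ.

```php
<?php
// Illustrative hardened handler, not the plugin's own code. Names below are assumptions.

// Register for logged-in users only: a state-changing action gets no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_example_donation_status', 'example_donation_status_handler' );

function example_donation_status_handler() {
    // 1. Nonce check: rejects requests that did not come from a page that issued the
    //    nonce. check_ajax_referer() terminates the request with -1 / HTTP 400 on failure.
    check_ajax_referer( 'example_donation_status', 'nonce' );

    // 2. Input validation: coerce the ID to a positive integer and restrict the status
    //    to a known allow-list instead of accepting an arbitrary string.
    $donation_id = isset( $_POST['donation_id'] ) ? absint( $_POST['donation_id'] ) : 0;
    $status      = isset( $_POST['status'] ) ? sanitize_key( $_POST['status'] ) : '';
    $allowed     = array( 'pending', 'completed', 'cancelled' );

    if ( 0 === $donation_id || ! in_array( $status, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid donation ID or status' ), 400 );
    }

    // 3. Object check: the ID must refer to a donation record (post type is assumed).
    $donation = get_post( $donation_id );
    if ( ! $donation || 'example_donation' !== $donation->post_type ) {
        wp_send_json_error( array( 'message' => 'Donation not found' ), 404 );
    }

    // 4. Capability / ownership check: site administrators may update any donation;
    //    other users only the donations they own. 'manage_options' stands in for a
    //    plugin-specific capability.
    $is_owner = (int) $donation->post_author === get_current_user_id();
    if ( ! current_user_can( 'manage_options' ) && ! $is_owner ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // Only now is the status written; any email notification would hang off this point.
    update_post_meta( $donation_id, '_example_donation_status', $status );
    wp_send_json_success( array( 'id' => $donation_id, 'status' => $status ) );
}

// The matching nonce is emitted on the page that renders the status form, e.g.:
// wp_nonce_field( 'example_donation_status', 'nonce' );
```

The ordering matters: the nonce and object checks run before the capability check so that an invalid ID never reaches the update, and the allow-list stops "any arbitrary status" from being stored.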