The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the `wordpress_logged_in_` cookie in the `inc/cache/execute-cache.php` file when the "Cache Logged-in Users" setting is enabled. The plugin parses the username directly from the cookie value (e.g., `username|hash`) using `substr()` to retrieve the corresponding cache file but fails to verify the session's cryptographic signature or validity with WordPress core. This makes it possible for unauthenticated attackers to supply a crafted cookie (e.g., `wordpress_logged_in_fake=admin|fake`) to trick the plugin into serving the cached HTML content generated for an administrator, leading to the disclosure of sensitive information such as private posts (including their full content), the Admin Bar, WordPress nonces, and other data visible only to logged-in administrators or other users.
The Breeze WordPress plugin versions up to 2.5.2 improperly validates the wordpress_logged_in_ cookie, allowing unauthenticated attackers to craft malicious cookies and access cached content intended for authenticated users. This vulnerability exposes sensitive information including private posts, admin bars, and other privileged content when the 'Cache Logged-in Users' setting is enabled.
تحتوي إضافة Breeze للـ WordPress على ثغرة في التحقق من صحة ملف تعريف الارتباط wordpress_logged_in_ حيث تقوم بتحليل اسم المستخدم مباشرة من قيمة الملف دون التحقق من التوقيع التشفيري. يمكن للمهاجمين غير المصرحين إنشاء ملفات تعريف ارتباط مزيفة للوصول إلى محتوى مخزن مؤقتاً مخصص للمسؤولين والمستخدمين المصرحين.
The Breeze WordPress plugin versions up to 2.5.2 improperly validates the wordpress_logged_in_ cookie, allowing unauthenticated attackers to craft malicious cookies and access cached content intended for authenticated users. This vulnerability exposes sensitive information including private posts, admin bars, and other privileged content when the 'Cache Logged-in Users' setting is enabled.
Update the Breeze plugin to version 2.5.3 or later immediately. Disable the 'Cache Logged-in Users' setting if immediate patching is not possible. Implement additional access controls and monitor for suspicious cookie patterns in web server logs.
قم بتحديث إضافة Breeze إلى الإصدار 2.5.3 أو أحدث فوراً. قم بتعطيل إعداد 'Cache Logged-in Users' إذا لم يكن التحديث الفوري ممكناً. طبق ضوابط وصول إضافية ومراقبة الأنماط المريبة في سجلات خادم الويب.