The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The `speedup01_ajax_enabled()` function, which handles the `wp_ajax_speedup01_enabled` AJAX action, performs no capability check via `current_user_can()` and also lacks nonce verification. This contrasts with other AJAX handlers in the same plugin (e.g., `speedup01_ajax_install_iox` and `speedup01_ajax_delete_cache_file`), which correctly check for the `install_plugins` and `manage_options` capabilities respectively. Because `wp_ajax_*` hooks run for every logged-in user regardless of role, this makes it possible for authenticated attackers with Subscriber-level access and above to enable or disable the site's optimization module by sending a POST request for that action to `admin-ajax.php`.
The Speedup Optimization WordPress plugin versions up to 1.5.9 lack authorization checks in the speedup01_ajax_enabled() AJAX function, allowing authenticated subscribers to enable or disable site optimization. This vulnerability bypasses capability checks that are properly implemented in other plugin functions.
The Speedup Optimization plugin for WordPress contains an authorization-check vulnerability in an AJAX function named speedup01_ajax_enabled(). Authenticated users at Subscriber level or above can enable or disable the site optimization module without the appropriate capability checks being performed.
Update the Speedup Optimization plugin to version 1.6.0 or later. Implement proper capability checks using current_user_can() with appropriate capabilities (e.g., manage_options) and add nonce verification to the speedup01_ajax_enabled() function. Restrict AJAX handlers to authenticated users with administrative privileges.
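The following is an added illustrative example, not the plugin's own source code. It shows the handler pattern the advisory describes (a `wp_ajax_` callback with neither a nonce nor a capability check) beside a hardened version that applies the remediation above. Function names follow the advisory; the option name `speedup01_enabled`, the nonce action `speedup01_enabled`, the request parameter `enabled`, and the script path `admin.js` are assumptions for the example.

```php
<?php
// Added example, not the plugin's code. Option name, nonce action, request
// parameter and script path are assumed for illustration.

// Vulnerable pattern as the advisory describes it. wp_ajax_* hooks fire for
// every logged-in user, so a Subscriber can reach this and flip the option:
// there is no check_ajax_referer() and no current_user_can().
function speedup01_ajax_enabled_vulnerable() {
    $enabled = isset( $_POST['enabled'] ) && '1' === $_POST['enabled']; // assumed parameter
    update_option( 'speedup01_enabled', $enabled ? '1' : '0' );         // assumed option name
    wp_send_json_success( array( 'enabled' => $enabled ) );
}
// Deliberately not hooked here, so the vulnerable variant is unreachable.

// Hardened handler: verify the nonce first (request came from the plugin's own
// admin page, which also blocks CSRF), then require manage_options so only
// administrators can toggle the module, matching the plugin's other handlers.
function speedup01_ajax_enabled_fixed() {
    // Sends a "-1" / 403 response and dies if the nonce is missing or invalid.
    check_ajax_referer( 'speedup01_enabled', 'nonce' ); // assumed nonce action and field

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $raw     = isset( $_POST['enabled'] ) ? sanitize_text_field( wp_unslash( $_POST['enabled'] ) ) : '0';
    $enabled = ( '1' === $raw );
    update_option( 'speedup01_enabled', $enabled ? '1' : '0' );
    wp_send_json_success( array( 'enabled' => $enabled ) );
}
add_action( 'wp_ajax_speedup01_enabled', 'speedup01_ajax_enabled_fixed' );

// The settings page must hand the nonce to the browser, otherwise the
// legitimate toggle would now be rejected along with the malicious one.
function speedup01_enqueue_admin_js( $hook ) {
    wp_enqueue_script(
        'speedup01-admin',
        plugins_url( 'admin.js', __FILE__ ), // assumed script path
        array( 'jquery' ),
        '1.6.0',
        true
    );
    wp_localize_script( 'speedup01-admin', 'speedup01Ajax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'speedup01_enabled' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'speedup01_enqueue_admin_js' );
```

Both checks are needed: a nonce alone only proves the request was built from a page the user could load, and a capability check alone leaves the action open to cross-site request forgery against a logged-in administrator. A quick way to confirm a fix in a test install is to log in as a Subscriber and POST `action=speedup01_enabled` to `admin-ajax.php`; the hardened handler must answer with the nonce failure or a 403 rather than changing the option.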
Update the Speedup Optimization plugin to version 1.6.0 or later. Implement proper capability checks using current_user_can() with the appropriate capabilities (e.g., manage_options) and add nonce verification to the speedup01_ajax_enabled() function. Restrict AJAX handlers to authenticated users with administrative privileges only.