2023-05-31 02:40:20
Wordfence
PUBLISHED
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the wa_pdx_op_config_set function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the validation_token in the plugin config, providing access to the plugins remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.