CVE-2023-2987

Name of the Vulnerable Software and Affected Versions Wordapp plugin for WordPress versions up to, and including, 1.5.0

Description The issue is related to an authorization bypass due to the use of an insufficiently unique cryptographic signature on the wa pdx op config set function. This allows unauthenticated attackers to change the validation token in the plugin config, providing access to remote control functionalities, such as creating an admin access URL for privilege escalation.

Recommendations For Wordapp plugin for WordPress versions up to, and including, 1.5.0, update to a version higher than 1.5.0 to resolve the issue. As a temporary workaround, consider disabling the wa pdx op config set function until a patch is available. Restrict access to the plugin's remote control functionalities to minimize the risk of exploitation.