PT-2023-24244 · WordPress · Cms Commander
István Márton +1
Published 2023-06-20 · Updated 2023-06-28
CVE-2023-3325
CVSS v3.1 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CMS Commander plugin for WordPress versions up to, and including, 2.287
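An added check for the affected range above (example code written for this page, not part of the advisory or of the plugin): it reads the standard WordPress plugin header of an installed copy and reports whether the version is at or below 2.287. It assumes only that the plugin sits under wp-content/plugins/<slug>/ like any WordPress plugin and that its main file carries the usual "Plugin Name:" and "Version:" header lines; the sample header is constructed for an offline run.

```python
"""Version check for the CMS Commander advisory (affected: <= 2.287).
Assumptions: standard WordPress plugin layout and header format."""
import re
from pathlib import Path

LAST_AFFECTED = "2.287"  # from the advisory: affected up to and including 2.287


def version_key(version: str) -> tuple:
    """Component-wise numeric key, ordering dotted versions the way PHP's
    version_compare does (so 2.3 sorts below 2.287, not above it)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_affected(version: str) -> bool:
    return version_key(version) <= version_key(LAST_AFFECTED)


def header_field(php_source: str, field: str):
    """Pull one field out of a WordPress plugin header comment block."""
    pattern = r"^[ \t/*#]*" + re.escape(field) + r":[ \t]*(.+?)[ \t]*$"
    match = re.search(pattern, php_source, re.MULTILINE)
    return match.group(1) if match else None


def assess_plugin_source(php_source: str) -> dict:
    """Name, version and affected-verdict for one plugin main file."""
    name = header_field(php_source, "Plugin Name")
    version = header_field(php_source, "Version")
    return {
        "name": name,
        "version": version,
        "affected": is_affected(version) if version else None,
    }


def scan_plugins_dir(plugins_dir) -> list:
    """Walk wp-content/plugins and report every plugin whose header names CMS Commander."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        try:
            source = php_file.read_text(errors="ignore")
        except OSError:
            continue
        info = assess_plugin_source(source)
        if info["name"] and "cms commander" in info["name"].lower():
            findings.append({"file": str(php_file), **info})
    return findings


# Constructed sample header (not copied from the plugin) so the check runs offline.
SAMPLE_HEADER = """<?php
/*
Plugin Name: CMS Commander
Plugin URI: https://example.invalid/
Description: constructed sample header for the version check
Version: 2.287
*/
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for finding in scan_plugins_dir(sys.argv[1]):
            print(finding)
    else:
        print(assess_plugin_source(SAMPLE_HEADER))
```

Run it with the path to wp-content/plugins to scan a real install; without arguments it evaluates the constructed header. Note that the comparison is numeric per component, matching WordPress's own use of version_compare, which is why a hypothetical "2.3" would count as older than 2.287.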
Description
The CMS Commander plugin for WordPress, in versions up to and including 2.287, is vulnerable to authorization bypass because the cmsc_add_site function relies on an insufficiently unique cryptographic signature. An unauthenticated attacker can therefore replace the cmsc public key stored in the plugin configuration and gain access to the plugin's remote control functionality, including creation of an admin access URL, which can be used for privilege escalation. The issue is only exploitable while the plugin has not yet been configured; combined with a separate arbitrary plugin installation and activation vulnerability, however, the impact can be severe.
Recommendations
For CMS Commander plugin for WordPress versions up to, and including, 2.287:
Update to a version higher than 2.287 to resolve the issue.
As a temporary workaround, consider disabling the cmsc_add_site function until a patch is applied.
Restrict access to the plugin's remote control functionalities to minimize the risk of exploitation.
Because the issue is only exploitable while no cmsc public key has been set, do not leave the plugin installed but unconfigured: complete the setup promptly, or deactivate the plugin until the fix is applied.
Fix
Insufficient Verification of Data Authenticity
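The bug class in the description, as an added illustration written for this page: it is not the plugin's code and does not describe how cmsc_add_site is implemented. It contrasts a site-registration handler whose signature is a hash over attacker-controlled fields only (so anyone who knows the request format can register their own key on an unconfigured install) with a hardened handler that binds registration to a random per-install setup token, compares in constant time, burns the token after one use, and refuses to replace an already-stored key. The class names, the setup-token flow and the sample payloads are assumptions for the example; it is in Python rather than PHP so it runs stand-alone.

```python
"""Weak versus hardened add-site signature check (illustrative, not plugin code)."""
import hashlib
import hmac
import json
import secrets


def canonical(payload: dict) -> bytes:
    """Stable serialisation so both sides sign exactly the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def public_signature(payload: dict) -> str:
    """Weak scheme: a hash over fields the requester chooses. No secret is
    involved, so the signature is reproducible by anyone."""
    return hashlib.sha256(canonical(payload)).hexdigest()


class WeakRegistrar:
    """Accepts the first add-site request whose signature matches
    public_signature() and stores its public key. Models an unconfigured install."""

    def __init__(self):
        self.config = {"public_key": None}

    def add_site(self, payload: dict, signature: str) -> bool:
        if not hmac.compare_digest(signature, public_signature(payload)):
            return False
        self.config["public_key"] = payload["public_key"]
        return True


class HardenedRegistrar:
    """Registration requires an HMAC under a random setup token that only the
    site admin can read (assumed flow: shown once in the dashboard). The token is
    single use, and a configured site never accepts a replacement key this way."""

    def __init__(self):
        self.config = {"public_key": None}
        self.setup_token = secrets.token_bytes(32)

    def expected_signature(self, payload: dict) -> str:
        return hmac.new(self.setup_token, canonical(payload), hashlib.sha256).hexdigest()

    def add_site(self, payload: dict, signature: str) -> bool:
        if self.config["public_key"] is not None or self.setup_token is None:
            return False  # already configured: key changes need an authenticated admin
        if not hmac.compare_digest(signature, self.expected_signature(payload)):
            return False
        self.config["public_key"] = payload["public_key"]
        self.setup_token = None  # burn the token so the request cannot be replayed
        return True


def attacker_claims_site(registrar) -> bool:
    """Unauthenticated attacker: knows the request format, holds no site secret."""
    payload = {"public_key": "ATTACKER-KEY", "site": "https://victim.example"}
    return registrar.add_site(payload, public_signature(payload))


def admin_completes_setup(registrar: HardenedRegistrar) -> bool:
    """Legitimate setup: the admin supplies the setup token to the controller."""
    if registrar.setup_token is None:
        return False
    payload = {"public_key": "LEGIT-KEY", "site": "https://victim.example"}
    return registrar.add_site(payload, registrar.expected_signature(payload))


if __name__ == "__main__":
    weak, hard = WeakRegistrar(), HardenedRegistrar()
    print("weak registrar, attacker:", attacker_claims_site(weak), weak.config)
    print("hardened registrar, attacker:", attacker_claims_site(hard), hard.config)
    print("hardened registrar, admin:", admin_completes_setup(hard), hard.config)
```

The two properties that matter are visible in the hardened branch: the signature depends on a value the attacker cannot obtain, and the handler is closed after the install is configured, which removes the "only exploitable while unconfigured" window entirely.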
Related Identifiers
Affected Products
Cms Commander