CVE-2024-9821

Oct 12, 2024

Published Date: 2024-10-12T03:15:02.507
Last Modified: 2024-10-12T03:15:02.507

CVSS Score: 8.8 (HIGH)

EPSS Score: N/A

Risk Score: N/A

Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.


Description: The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the ‘stm_wpcfto_get_settings’ AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature.

MITRE ATT&CK Techniques v15.1

T1053.002 – At

Technical Analysis & Mitigation Measures

1. Technical Attack Analysis:
– Attack Techniques:
– T1053.002 – Scheduled Task/Job: Attackers may exploit the vulnerability by creating a scheduled task or job that triggers the AJAX action to retrieve sensitive information.
– Credential Dumping: By obtaining the Telegram Bot Token, attackers can potentially log in as any user who has used the bot, including high-privileged accounts such as administrators.
– Account Takeover: With the Telegram Bot Token, an attacker can impersonate the bot, gaining unauthorized access to user accounts and potentially escalating privileges.
– Information Gathering: Attackers can use the exposed token to gather more information about the site and its users, leading to further attacks.

– Possible Outcomes of Exploitation:
– Unauthorized access to user accounts, including administrators.
– Unauthorized control over the Telegram Bot, allowing for further attacks or data exfiltration.
– Compromise of site integrity and trust, leading to potential data breaches.
– Increased risk of phishing attacks targeting users of the compromised site.

2. Mitigation Measures:
– Implement proper authorization checks for all AJAX actions.
– Update the Bot for Telegram on WooCommerce plugin to the latest version.
– Restrict access to sensitive information based on user roles.
– Monitor and log AJAX requests for unusual activity.
– Educate users on the importance of strong, unique passwords.
– Enable two-factor authentication for all user accounts.
– Regularly review and audit user permissions and roles.
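The first mitigation above (proper authorization checks on AJAX actions) is the one that addresses the root cause described in this CVE. The following is an added example, not the Bot for Telegram on WooCommerce plugin's own code: a generic WordPress AJAX settings handler shown first with the missing-authorization defect this advisory describes, then hardened with a nonce check, a capability check, and redaction of the secret from the response, plus a log line for denied reads to support the monitoring recommendation. All hook names, option keys and function names (`example_get_settings`, `example_telegram_settings`, `example_settings_nonce`) are hypothetical.

```php
<?php
// Added example: a WordPress AJAX settings endpoint, shown with the
// authorization defect this advisory describes and then hardened.
// Hook names, option keys and function names are hypothetical and are
// not the Bot for Telegram on WooCommerce plugin's own code.

// --- Vulnerable pattern ---
// Registering only the wp_ajax_ hook (not wp_ajax_nopriv_) excludes anonymous
// visitors, but every authenticated role, subscriber included, can call it.
add_action( 'wp_ajax_example_get_settings_insecure', 'example_get_settings_insecure' );
function example_get_settings_insecure() {
    // No capability check, no nonce: any logged-in user receives the whole
    // option array, including the bot token stored in it.
    wp_send_json_success( get_option( 'example_telegram_settings', array() ) );
}

// --- Hardened pattern ---
add_action( 'wp_ajax_example_get_settings', 'example_get_settings' );
function example_get_settings() {
    // 1. CSRF protection: the request must carry a nonce issued to this user.
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_settings_nonce', 'nonce' );

    // 2. Authorization: only users allowed to manage site options may read
    //    plugin settings. A nonce alone is not an authorization check.
    if ( ! current_user_can( 'manage_options' ) ) {
        example_log_denied_settings_read();
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // dies
    }

    $settings = get_option( 'example_telegram_settings', array() );

    // 3. Least privilege in the response: never echo the secret back to the
    //    browser; report only whether it has been configured.
    $settings['bot_token_set'] = ! empty( $settings['bot_token'] );
    unset( $settings['bot_token'] );

    wp_send_json_success( $settings );
}

// Detection support: a denied settings read by a low-privilege account is
// exactly the event a defender wants in the log.
function example_log_denied_settings_read() {
    $user = wp_get_current_user();
    $ip   = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';
    error_log( sprintf(
        '[example-plugin] denied settings read: user_id=%d login=%s ip=%s',
        $user->ID,
        $user->user_login,
        $ip
    ) );
}

// The nonce is issued to the admin page that performs the request, e.g.:
// wp_localize_script( 'example-admin', 'exampleAjax', array(
//     'nonce' => wp_create_nonce( 'example_settings_nonce' ),
// ) );
```

The capability check is the fix for this class of bug; the nonce only stops cross-site requests, and redacting the token from the response limits the damage if a future handler is again exposed too broadly. Registering settings-reading handlers under `wp_ajax_nopriv_` should be avoided entirely.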

The content above is generated by AI. Please review and consider carefully before applying!

Reference Links

Vendor - Product - Version

None

Disclaimer

The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.