CVE-2024-12264
Published: 07 January 2025
Description
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setting the users ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts.
Security Summary
CVE-2024-12264 is a privilege escalation vulnerability in the PayU CommercePro Plugin for WordPress, affecting all versions up to and including 3.8.3. The flaw lies in the REST API endpoints /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost, which set the user's ID and authentication cookies without first verifying the caller's identity. The issue is classified as CWE-287 (Improper Authentication) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Unauthenticated attackers can exploit the vulnerability remotely with low attack complexity and no user interaction, which is what the PR:N/UI:N components of the vector express. Through the flawed endpoints they can create new administrative user accounts on the WordPress site, giving them full administrative control over the affected instance.
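To make the mechanism described above concrete, the following is an added PHP example, not the plugin's own code and not taken from the advisory. It shows the CWE-287 pattern on a WordPress REST route (the caller names an identity, the handler sets the current user and issues that user's auth cookie) beside a hardened form in which identity comes only from WordPress's own authentication. The namespace and route path follow the advisory; the payu_example_* function names, the email parameter and the token meta key are assumptions made for illustration.

```php
<?php
/**
 * Added illustration, not code from the PayU CommercePro plugin or from the
 * advisory. Reproduces the CWE-287 pattern the advisory describes on a
 * WordPress REST route, then shows a hardened version. The namespace and
 * route path follow the advisory; all payu_example_* names, the 'email'
 * parameter and the meta key are hypothetical.
 */

/* ---- Vulnerable pattern -------------------------------------------------- */

// 'permission_callback' => '__return_true' makes the route reachable without
// any credentials; the handler then trusts whatever identity the body names.
function payu_example_register_vulnerable_route() {
	register_rest_route( 'payu/v1', '/generate-user-token', array(
		'methods'             => WP_REST_Server::CREATABLE, // POST
		'callback'            => 'payu_example_vulnerable_handler',
		'permission_callback' => '__return_true',
	) );
}

function payu_example_vulnerable_handler( WP_REST_Request $request ) {
	$email = sanitize_email( (string) $request->get_param( 'email' ) );
	$user  = get_user_by( 'email', $email ); // the caller chooses the account
	if ( ! $user ) {
		return new WP_Error( 'payu_example_no_user', 'Unknown user.', array( 'status' => 404 ) );
	}
	// The two calls the advisory points at: the request now executes as that
	// user and the response carries a logged-in session cookie for them. If the
	// named account is an administrator, the caller leaves with an administrator
	// session and can create further administrator accounts by normal means.
	wp_set_current_user( $user->ID );
	wp_set_auth_cookie( $user->ID );

	$token = wp_generate_password( 32, false );
	update_user_meta( $user->ID, 'payu_example_token', wp_hash( $token ) );
	return rest_ensure_response( array( 'token' => $token ) );
}

/* ---- Hardened pattern ---------------------------------------------------- */

// Identity is established by WordPress itself (cookie + X-WP-Nonce, or an
// application password), enforced in permission_callback, and the handler never
// sets the current user or an auth cookie from request data.
function payu_example_register_hardened_route() {
	register_rest_route( 'payu/v1', '/generate-user-token', array(
		'methods'             => WP_REST_Server::CREATABLE,
		'callback'            => 'payu_example_hardened_handler',
		'permission_callback' => 'payu_example_require_logged_in',
	) );
}

function payu_example_require_logged_in() {
	if ( ! is_user_logged_in() ) {
		return new WP_Error( 'rest_not_logged_in', 'Authentication required.', array( 'status' => 401 ) );
	}
	// For a privileged action add a capability test here, e.g.
	// current_user_can( 'manage_options' ).
	return true;
}

function payu_example_hardened_handler( WP_REST_Request $request ) {
	$user_id = get_current_user_id(); // the authenticated caller, not a request field
	$token   = wp_generate_password( 32, false );
	update_user_meta( $user_id, 'payu_example_token', wp_hash( $token ) );
	return rest_ensure_response( array( 'token' => $token ) );
}

// Only the hardened route is hooked; the vulnerable one is kept for contrast.
add_action( 'rest_api_init', 'payu_example_register_hardened_route' );
```

The design point is that the permission callback decides who may reach the handler, and the handler reads identity from the session WordPress already authenticated. A handler that calls wp_set_current_user() or wp_set_auth_cookie() with an ID derived from request input is the shape to look for when auditing any plugin's REST routes, whatever the permission callback says.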
The Wordfence threat intelligence report and the WordPress.org plugin listing both advise updating to a version later than 3.8.3. The references cite line 187 of class-payu-shipping-tax-api-calculation.php and changeset 3217148 in the payu-india repository as the places to inspect for the fix. Because the impact is the creation of administrator accounts, sites that ran a vulnerable version should also review their user list for unexpected administrators after updating.
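As an added check, not part of the advisory or the plugin: a script a site administrator can run with WP-CLI (`wp eval-file payu-exposure-check.php`) to confirm whether the installed PayU CommercePro version falls in the affected range and whether the two named routes are currently registered without a real permission callback. The plugin is matched by its display name as printed on this page rather than by a file path; the version boundary and route paths come from the advisory, and the PAYU_EXAMPLE_* and payu_example_* names are assumptions.

```php
<?php
/**
 * Added exposure check, not part of the PayU CommercePro plugin or the advisory.
 * Run on the site with:  wp eval-file payu-exposure-check.php
 * Uses WordPress core functions only. Names prefixed payu_example_ / PAYU_EXAMPLE_
 * are hypothetical.
 */

const PAYU_EXAMPLE_LAST_VULNERABLE = '3.8.3'; // "up to, and including, 3.8.3"

// Routes named in the advisory, keyed the way register_rest_route() stores them.
const PAYU_EXAMPLE_ROUTES = array(
	'/payu/v1/generate-user-token',
	'/payu/v1/get-shipping-cost',
);

// Locate the plugin by its display name; the main plugin file path is not assumed.
function payu_example_find_plugin() {
	if ( ! function_exists( 'get_plugins' ) ) {
		require_once ABSPATH . 'wp-admin/includes/plugin.php';
	}
	foreach ( get_plugins() as $file => $data ) {
		if ( false !== stripos( $data['Name'], 'PayU CommercePro' ) ) {
			return array(
				'file'    => $file,
				'version' => $data['Version'],
				'active'  => is_plugin_active( $file ),
			);
		}
	}
	return null;
}

// For each route: is it registered, and does any handler lack a real
// permission_callback (key missing, or the '__return_true' stub)?
function payu_example_route_exposure( array $routes ) {
	$registered = rest_get_server()->get_routes(); // also fires rest_api_init
	$result     = array();
	foreach ( $routes as $route ) {
		$result[ $route ] = array( 'registered' => false, 'no_permission_check' => false );
		if ( empty( $registered[ $route ] ) ) {
			continue;
		}
		$result[ $route ]['registered'] = true;
		foreach ( $registered[ $route ] as $handler ) {
			$cb = isset( $handler['permission_callback'] ) ? $handler['permission_callback'] : null;
			if ( null === $cb || '__return_true' === $cb ) {
				$result[ $route ]['no_permission_check'] = true;
			}
		}
	}
	return $result;
}

$plugin = payu_example_find_plugin();
if ( null === $plugin ) {
	echo "PayU CommercePro not installed.\n";
	return;
}
$affected = version_compare( $plugin['version'], PAYU_EXAMPLE_LAST_VULNERABLE, '<=' );
printf(
	"%s version %s (%s): %s\n",
	$plugin['file'],
	$plugin['version'],
	$plugin['active'] ? 'active' : 'inactive',
	$affected ? 'AFFECTED (<= ' . PAYU_EXAMPLE_LAST_VULNERABLE . '), update the plugin' : 'outside the affected range'
);
foreach ( payu_example_route_exposure( PAYU_EXAMPLE_ROUTES ) as $route => $info ) {
	printf(
		"%s: %s%s\n",
		$route,
		$info['registered'] ? 'registered' : 'not registered',
		$info['no_permission_check'] ? ', no permission_callback' : ''
	);
}
```

The version comparison is the authoritative test; the route inspection is a heuristic that flags only a missing callback or the '__return_true' stub. A custom permission callback that always returns true, or a handler that sets auth cookies from request data behind a valid callback, can only be ruled out by reading the plugin code, which is why the advisory's references to the source file and changeset matter.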
Details
- CWE(s)