Executive Summary

The WP Business Intelligence Lite plugin for WordPress is vulnerable to an authorization bypass. This vulnerability affects all versions up to and including 3.2.0 and allows authenticated attackers with Subscriber-level access and above to modify stored SQL queries. When these modified queries are viewed by an administrator, it can lead to privilege escalation via arbitrary SQL execution. The CVSS score for this vulnerability is 8, indicating a high severity level.

Technical Analysis

This vulnerability is classified as an authorization bypass (CWE-862). The plugin fails to properly verify that a user is authorized to perform certain actions. Specifically, the vulnerability exists because the plugin does not correctly validate user permissions before allowing them to modify stored SQL queries.

How It Gets Exploited

An attacker with Subscriber-level access and above on a WordPress site using the WP Business Intelligence Lite plugin can exploit this vulnerability. The attacker would navigate to the plugin's functionality that allows query modification. By submitting a crafted query, the attacker can modify stored SQL queries. When an administrator views or interacts with the modified query, the attacker's malicious SQL code can be executed. This can lead to arbitrary SQL execution, potentially allowing the attacker to escalate their privileges.

Impact Assessment

The WP Business Intelligence Lite plugin versions up to and including 3.2.0 are affected. Successful exploitation can lead to privilege escalation and arbitrary SQL execution. The CVSS score of 8 indicates a high severity level, with impacts on confidentiality, integrity, and availability.

Recommended Actions

To mitigate this vulnerability, update the WP Business Intelligence Lite plugin to a version beyond 3.2.0 as soon as possible. Additionally, monitor your WordPress site for any suspicious activity related to SQL queries and user privilege escalations. Implement a Web Application Firewall (WAF) rule to detect and block suspicious SQL injection attempts.

Sources

- National Vulnerability Database (NVD) - Wordfence