BID:52084

WordPress Absolute Privacy Plugin 'abpr_authenticateUser()' Security Bypass Vulnerability

Info

WordPress Absolute Privacy Plugin 'abpr_authenticateUser()' Security Bypass Vulnerability

Bugtraq ID:	52084
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 20 2012 12:00AM
Updated:	Feb 20 2012 12:00AM
Credit:	schaffnern
Vulnerable:	WordPress Absolute Privacy 2.0.5

Not Vulnerable:

Discussion

WordPress Absolute Privacy Plugin 'abpr_authenticateUser()' Security Bypass Vulnerability

WordPress Absolute Privacy plugin is prone to a security-bypass vulnerability.

Attackers can exploit this vulnerability to bypass authentication mechanism and gain administrative access to an affected application, which may aid in further attacks.

Exploit / POC

WordPress Absolute Privacy Plugin 'abpr_authenticateUser()' Security Bypass Vulnerability

Attackers can exploit this issue through a browser.

Solution / Fix

WordPress Absolute Privacy Plugin 'abpr_authenticateUser()' Security Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

WordPress Absolute Privacy Plugin 'abpr_authenticateUser()' Security Bypass Vulnerability

References:

Absolute Privacy badly broken (WordPress)
Absolute Privacy Plugin Homepage (WordPress)