CVE-2023-36684

7.1 HIGH

📋 TL;DR

This CVE describes a missing authorization vulnerability in the WordPress Convert Pro plugin that allows unauthorized users to access administrative functions. It affects all WordPress sites running Convert Pro versions up to 1.7.5. Attackers can exploit this to modify plugin settings or potentially gain elevated privileges.

💻 Affected Systems

Products:
  • WordPress Convert Pro plugin
Versions: n/a through 1.7.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with vulnerable Convert Pro versions installed and activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site compromise through privilege escalation to administrator, allowing content modification, plugin/theme installation, or data exfiltration.

🟠 Likely Case

Unauthorized modification of Convert Pro settings, popup configurations, or lead capture forms, potentially enabling phishing or data collection.

🟢 If Mitigated

No impact if proper authorization checks are implemented and only authenticated administrators can access plugin functions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some WordPress user access but not administrative privileges. Attack patterns are well-known for WordPress authorization bypass vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.6 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/convertpro/wordpress-convert-pro-plugin-1-7-5-broken-access-control-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Convert Pro and click 'Update Now'.
4. Verify the version is 1.7.6 or higher.

🔧 Temporary Workarounds

Disable Convert Pro plugin

Platform: all

Temporarily deactivate the vulnerable plugin until patched

wp plugin deactivate convertpro

Restrict plugin access via .htaccess

Platform: linux

Add IP-based restrictions to plugin admin pages

# Add to .htaccess in wp-content/plugins/convertpro/
# Controls direct HTTP requests to files under the plugin directory.
# Apache 2.2 directive syntax; on Apache 2.4 this needs mod_access_compat,
# otherwise use the equivalent "Require ip 192.168.1.0/24".
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block unauthorized access to /wp-admin/admin.php?page=convertpro* endpoints
  • Enable WordPress security plugins that monitor for authorization bypass attempts and restrict user capabilities

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for the Convert Pro version. If the version is 1.7.5 or lower, the site is vulnerable.

Check Version:

wp plugin get convertpro --field=version

Verify Fix Applied:

Verify that the Convert Pro version is 1.7.6 or higher in the WordPress admin panel, and confirm that the plugin's administrative functions reject requests from non-administrator users.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized POST requests to /wp-admin/admin.php?page=convertpro* from non-admin users
  • Multiple 403 errors followed by 200 success codes for the same endpoint

Network Indicators:

  • Unusual traffic patterns to WordPress admin endpoints from unexpected IPs
  • POST requests to convertpro endpoints without proper authentication headers

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin.php" AND query_string="*page=convertpro*") AND user_role!="administrator" AND response_code=200
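As an added example that is not part of this advisory, the following Python checker applies the two log indicators and the SIEM query condition above to constructed sample log lines. The log field layout (ip, user, role, method, uri, status) is an assumption; WordPress core does not log the user role, so an audit plugin is assumed to add it.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample log (not from any real site). The field layout
# "ip user role method uri status" is an assumption.
SAMPLE_LOG = """\
10.0.0.5 alice subscriber POST /wp-admin/admin.php?page=convertpro_settings 403
10.0.0.5 alice subscriber POST /wp-admin/admin.php?page=convertpro_settings 403
10.0.0.5 alice subscriber POST /wp-admin/admin.php?page=convertpro_settings 200
10.0.0.9 bob administrator POST /wp-admin/admin.php?page=convertpro_settings 200
10.0.0.7 carol subscriber GET /wp-admin/admin.php?page=convertpro 200
10.0.0.7 carol subscriber GET /wp-admin/profile.php 200
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<user>\S+) (?P<role>\S+) (?P<method>\S+) "
    r"(?P<uri>\S+) (?P<status>\d{3})$"
)

def is_convertpro_admin_page(uri):
    """True for /wp-admin/admin.php requests whose page= value starts with convertpro."""
    parts = urlsplit(uri)
    page = parse_qs(parts.query).get("page", [""])[0]
    return parts.path == "/wp-admin/admin.php" and page.startswith("convertpro")

def find_alerts(log_text, denied_run=2):
    """Return (indicator, user, ip, uri) tuples for the two log indicators."""
    alerts = []
    history = defaultdict(list)  # (user, uri) -> status codes seen so far
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_convertpro_admin_page(m["uri"]):
            continue
        user, ip, uri, status = m["user"], m["ip"], m["uri"], m["status"]
        # Indicator 1 (same condition as the SIEM query): a non-administrator
        # received HTTP 200 from a Convert Pro admin page.
        if m["role"] != "administrator" and status == "200":
            alerts.append(("nonadmin_success", user, ip, uri))
        # Indicator 2: a run of 403s on the same endpoint by the same user,
        # immediately followed by a 200 (denied requests that then succeed).
        seen = history[(user, uri)]
        seen.append(status)
        if status == "200" and len(seen) > denied_run and all(
            s == "403" for s in seen[-denied_run - 1:-1]
        ):
            alerts.append(("denied_then_success", user, ip, uri))
    return alerts
```

Feed real access logs through `find_alerts` after adjusting `LINE_RE` to your log format; the `denied_run` parameter sets how many consecutive 403s must precede the 200.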

🔗 References
