CVE-2023-4025

5.3 MEDIUM

📋 TL;DR

The Radio Player WordPress plugin is missing an authorization check on its update_player AJAX action, which allows unauthenticated attackers to modify player instances. This affects all WordPress sites running Radio Player version 2.0.73 or earlier. Exploitation requires no authentication or special privileges.

💻 Affected Systems

Products:
  • Radio Player WordPress Plugin
Versions: Up to and including 2.0.73
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with the vulnerable plugin version are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify all player configurations, inject malicious content into players, or potentially chain with other vulnerabilities for further compromise.

🟠

Likely Case

Attackers will modify player settings to display malicious content, redirect users, or disrupt functionality.

🟢

If Mitigated

With proper network segmentation and WAF rules, impact is limited to plugin functionality disruption.

🌐 Internet-Facing: HIGH - WordPress plugins are typically internet-facing and this requires no authentication.
🏢 Internal Only: MEDIUM - Internal WordPress instances could still be affected but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is simple to exploit via crafted HTTP requests to the vulnerable AJAX endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.74 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3048105

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Go to Plugins → Installed Plugins
3. Find Radio Player plugin
4. Click 'Update Now' if available
5. If not, download version 2.0.74+ from WordPress.org
6. Deactivate old version
7. Upload and activate new version

🔧 Temporary Workarounds

Disable vulnerable AJAX endpoint

Platform: all

Block access to the vulnerable update_player function via .htaccess or web server configuration

# Add to .htaccess:
# Caveat: admin-ajax.php reads the action parameter from $_REQUEST, so a request
# can carry action=radio_player_update_player in the POST body rather than in the
# query string. The RewriteCond below inspects only the query string and does not
# cover that case; a WAF rule that inspects the request body, or deactivating the
# plugin, gives fuller coverage until the patch is applied.
<Files "admin-ajax.php">
    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Return 403 for any request whose query string carries the vulnerable action
        RewriteCond %{QUERY_STRING} action=radio_player_update_player
        RewriteRule .* - [F,L]
    </IfModule>
</Files>

Disable plugin

Platform: linux

Temporarily disable the Radio Player plugin until patched

wp plugin deactivate radio-player

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests carrying the 'radio_player_update_player' action parameter, in the query string or in the POST body
  • Restrict access to the WordPress admin-ajax.php endpoint to authenticated users only (note that this also disables any front-end features that use admin-ajax.php for anonymous visitors)

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Radio Player version. If version is 2.0.73 or lower, you are vulnerable.

Check Version:

wp plugin get radio-player --field=version

Verify Fix Applied:

After updating, verify Radio Player version shows 2.0.74 or higher in WordPress admin plugins page.
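As an added example (not part of the original advisory), the following Python snippet turns the version check above into a numeric comparison. It assumes the version string comes from the wp-cli command shown earlier; the sample outputs are constructed. The point it demonstrates is that a plain string comparison would wrongly treat "2.0.9" as newer than "2.0.74", so versions must be compared component by component.

```python
import re

# Version that carries the fix, from the advisory above.
PATCHED_VERSION = "2.0.74"


def parse_version(version):
    """Turn '2.0.73' (or '2.0.74-beta1') into a tuple of integers for comparison."""
    parts = []
    for component in version.strip().split("."):
        match = re.match(r"\d+", component)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_vulnerable(installed_version):
    """True when the installed Radio Player version is below the patched release."""
    return parse_version(installed_version) < parse_version(PATCHED_VERSION)


def assess_wp_cli_output(output):
    """Interpret the output of `wp plugin get radio-player --field=version`.

    `output` is the raw text printed by wp-cli (constructed in the test below);
    an empty result means the plugin is not installed and therefore not affected.
    """
    version = output.strip()
    if not version:
        return {"installed": False, "version": None, "vulnerable": False}
    return {"installed": True, "version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    # Constructed sample outputs standing in for the real wp-cli call.
    for sample in ("2.0.73\n", "2.0.74\n", "2.0.9\n", ""):
        print(repr(sample), "->", assess_wp_cli_output(sample))
```

A naive `"2.0.9" < "2.0.74"` evaluates to False in Python because the comparison is lexical; `parse_version` avoids that trap.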

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with 'action=radio_player_update_player' parameter from unauthenticated users
  • Unusual modifications to radio player settings in database

Network Indicators:

  • HTTP POST requests to admin-ajax.php with radio_player_update_player action from unexpected IPs

SIEM Query:

source="web_server" AND uri_path="/wp-admin/admin-ajax.php" AND http_method="POST" AND query_string="*action=radio_player_update_player*"
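The detection logic above, implemented as an added example (not code from the advisory or the plugin) that runs over web server access logs in the common "combined" format. The log lines are constructed samples, not real traffic. Note the limitation it makes explicit: access logs record the query string but not the POST body, so a request that sends the action parameter in the body (the last sample line) cannot be distinguished from any other admin-ajax.php call at this layer and needs a WAF or application-level log to catch.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines ("combined" format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2023:10:15:01 +0000] "POST /wp-admin/admin-ajax.php?action=radio_player_update_player HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.4 - - [12/Aug/2023:10:15:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80 "https://example.test/wp-admin/" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2023:10:15:09 +0000] "POST /wp-admin/admin-ajax.php?action=radio_player_update_player&player=3 HTTP/1.1" 200 512 "-" "curl/8.1"
192.0.2.9 - - [12/Aug/2023:10:16:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 34 "-" "Mozilla/5.0"
"""

# One combined-format line: ip ident user [timestamp] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# The AJAX action named in the advisory.
SUSPECT_ACTION = "radio_player_update_player"


def parse_line(line):
    """Parse one access-log line; returns None for lines that do not match the format."""
    match = LOG_RE.match(line)
    if not match:
        return None
    record = match.groupdict()
    parts = urlsplit(record["target"])
    record["path"] = parts.path
    record["query"] = parse_qs(parts.query)  # only the query string is visible in access logs
    return record


def is_suspect(record):
    """POST to admin-ajax.php whose query string names the vulnerable action."""
    return (
        record["path"].endswith("/wp-admin/admin-ajax.php")
        and record["method"] == "POST"
        and SUSPECT_ACTION in record["query"].get("action", [])
    )


def find_suspect_requests(log_text):
    """Return (ip, timestamp, target) for every matching request, in log order."""
    hits = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record and is_suspect(record):
            hits.append((record["ip"], record["ts"], record["target"]))
    return hits


def ips_by_hit_count(log_text):
    """Count matching requests per source IP, to prioritise which sources to look at first."""
    counts = {}
    for ip, _, _ in find_suspect_requests(log_text):
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for ip, ts, target in find_suspect_requests(SAMPLE_LOG):
        print(f"{ts} {ip} {target}")
    print(ips_by_hit_count(SAMPLE_LOG))
```

The match is on the exact parsed `action` value rather than a substring so that unrelated actions sharing a prefix do not fire; the SIEM query above uses a wildcard, which is fine for triage but can be tightened the same way.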
