CVE-2023-47828

4.3 MEDIUM

📋 TL;DR

CVE-2023-47828 is a missing authorization (broken access control) vulnerability in the wpMandrill WordPress plugin: a plugin function that should be limited to administrators can be reached by users who lack that capability. It affects every WordPress site running wpMandrill 1.33 or earlier. An attacker with a low-privileged account on the site could change the plugin's settings or reach other restricted functionality.

💻 Affected Systems

Products:
  • wpMandrill WordPress Plugin
Versions: All versions up to and including 1.33
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with wpMandrill plugin installed and activated.

📦 What is this software?

wpMandrill is a WordPress plugin that routes the site's outgoing email (everything sent through wp_mail(), such as password resets and notifications) through Mandrill, the transactional email API operated by Mailchimp. Its settings hold the Mandrill API key and the sender settings used for all site mail, which is why unauthorized changes to them matter.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker who can change the plugin's email-sending configuration (for example the Mandrill API key or the sender address) could route the site's outgoing mail through an account they control, send mail that appears to come from the site, or simply break email delivery for the site.

🟠

Likely Case

An attacker with a low-privileged account changes plugin settings to redirect mail, alter which templates are used, or disrupt email delivery, giving them the site's legitimate sender identity for phishing or business email compromise.

🟢

If Mitigated

With 1.34 or later installed, or the plugin deactivated, the unprotected function is no longer reachable. Because exploitation needs a logged-in account, disabling self-registration and pruning stale low-privilege accounts also shrinks the attacker population. Network segmentation limits what a compromised site can reach, but it does nothing to prevent the settings change itself.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an account on the WordPress site (a logged-in user), but not administrator privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.34 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wpmandrill/wordpress-wpmandrill-plugin-1-33-broken-access-control-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find wpMandrill and click 'Update Now'.
4. Verify the installed version is 1.34 or later.

🔧 Temporary Workarounds

Disable wpMandrill Plugin

all

Temporarily disable the vulnerable plugin until patching is possible

wp plugin deactivate wpmandrill

Restrict Access via .htaccess

linux

Add access restrictions to the wpMandrill plugin directory (wp-content/plugins/wpmandrill/). The directives below are the Apache 2.2 form; on Apache 2.4 use `Require all denied` instead. This only blocks direct HTTP requests to files inside the plugin directory; the plugin's admin-side handlers are loaded by WordPress core (wp-admin, admin-ajax.php), so it does not close the missing-authorization path. Deactivating the plugin is the more reliable workaround.

Order deny,allow
Deny from all

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the WordPress admin interface
  • Since exploitation needs a logged-in user, turn off open registration (Settings → General → "Anyone can register") if it is not needed, and review existing low-privilege accounts
  • Enable a WordPress security plugin that monitors for unauthorized access attempts and blocks suspicious IPs

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → wpMandrill version

Check Version:

wp plugin get wpmandrill --field=version

Verify Fix Applied:

Verify wpMandrill version is 1.34 or higher in WordPress admin panel
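The version check above can be scripted across several installs. The following is an added example, not code from the advisory or from the plugin; it assumes WP-CLI is available as `wp` and uses its `wp plugin get <slug> --field=version --path=<dir>` form, and the site paths in the usage block are placeholders. The comparison works on numeric components rather than strings, so that a hypothetical 1.4 is treated as older than 1.34 (a plain string comparison would get that wrong).

```python
"""Audit WordPress installs for a vulnerable wpMandrill version.

Added example, not part of the advisory or the plugin. Assumes WP-CLI
is installed as `wp`; site paths below are placeholders.
"""
import subprocess
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = "1.34"  # first release carrying the fix, per the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.33' into (1, 33). A non-numeric suffix ('1.34-beta') is dropped."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the first fixed release."""
    return parse_version(version) < parse_version(fixed)


def installed_version(site_path: str) -> Optional[str]:
    """Ask WP-CLI for the plugin version at `site_path`.

    Returns None when WP-CLI exits non-zero, which is what it does when the
    plugin is not installed at that path.
    """
    try:
        proc = subprocess.run(
            ["wp", "plugin", "get", "wpmandrill", "--field=version",
             f"--path={site_path}"],
            capture_output=True, text=True,
        )
    except FileNotFoundError as exc:  # `wp` binary missing from PATH
        raise RuntimeError("WP-CLI (`wp`) not found on PATH") from exc
    if proc.returncode != 0:
        return None
    return proc.stdout.strip() or None


def audit(site_paths: List[str]) -> Dict[str, str]:
    """Map each site path to 'vulnerable (x)', 'fixed (x)' or 'not installed'."""
    report: Dict[str, str] = {}
    for path in site_paths:
        version = installed_version(path)
        if version is None:
            report[path] = "not installed"
        elif is_vulnerable(version):
            report[path] = f"vulnerable ({version})"
        else:
            report[path] = f"fixed ({version})"
    return report


if __name__ == "__main__":
    # Placeholder document roots; replace with your own sites.
    for site, status in audit(["/var/www/site1", "/var/www/site2"]).items():
        print(f"{site}: {status}")
```

Run it from a host that has WP-CLI and read access to each site's document root; a site that reports "not installed" is out of scope for this CVE.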

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to wpMandrill admin endpoints
  • Changes to wpMandrill settings made by non-admin users (WordPress core does not record settings changes by default; an audit-log plugin or monitoring of the plugin's options in the database is needed to see these)

Network Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with wpMandrill actions. Note that admin-ajax.php normally receives the `action` parameter in the POST body, so a standard web-server access log shows only a POST to admin-ajax.php; the action is visible only when it is passed in the query string or when a WAF or application-level log records request bodies.

SIEM Query:

source="wordpress.log" AND (uri="/wp-admin/admin-ajax.php" AND action="wpmandrill_*")

This assumes the log source already extracts the `action` parameter into a field; adjust the field names to your log schema.
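To make the network indicator concrete, here is an added example (not from the advisory) that runs the detection logic over a few constructed Apache/Nginx combined-format log lines. It flags any request to admin-ajax.php whose query-string action starts with wpmandrill, GET as well as POST since admin-ajax accepts both, and separately counts POSTs whose action is not visible in the log at all. The action names, IPs and timestamps are made up; the plugin's real action names are not given on this page, so the code uses a prefix match that you should confirm against the plugin source.

```python
"""Scan web-server access logs for wpMandrill admin-ajax actions.

Added example, not part of the advisory. The log lines, IP addresses and
action names below are constructed for illustration.
"""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Apache/Nginx "combined" format: ip ident user [ts] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample input (hypothetical action names such as wpmandrill_settings).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2023:10:15:02 +0000] "POST /wp-admin/admin-ajax.php?action=wpmandrill_settings HTTP/1.1" 200 512 "https://example.test/wp-admin/" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2023:10:15:09 +0000] "GET /wp-admin/admin-ajax.php?action=wpmandrill_settings HTTP/1.1" 200 301 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Nov/2023:10:15:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 47 "-" "curl/8.0"',
    '192.0.2.10 - - [12/Nov/2023:10:16:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Nov/2023:10:17:45 +0000] "GET /blog/wp-admin/admin-ajax.php?action=wpmandrill_example HTTP/1.1" 200 301 "-" "python-requests/2.31"',
    'garbage line that is not in combined log format',
]


def scan(lines: List[str]) -> Dict[str, object]:
    """Return {'hits': [...], 'unattributed': n}.

    hits: requests to admin-ajax.php whose query-string action has the
          wpmandrill prefix (any HTTP method).
    unattributed: POSTs to admin-ajax.php with no action in the query string;
          the action travelled in the request body, which access logs do not
          record, so these cannot be attributed to a plugin from this log.
    """
    hits: List[Dict[str, object]] = []
    unattributed = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        # endswith() so sub-directory installs (/blog/wp-admin/...) match too
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        action = parse_qs(url.query).get("action", [""])[0]
        if not action:
            if m["method"] == "POST":
                unattributed += 1
            continue
        if action.startswith("wpmandrill"):
            hits.append({
                "ip": m["ip"],
                "time": m["ts"],
                "method": m["method"],
                "action": action,
                "status": int(m["status"]),
                "ua": m["ua"],
            })
    return {"hits": hits, "unattributed": unattributed}


def count_by_ip(hits: List[Dict[str, object]]) -> Dict[str, int]:
    """Aggregate hits per source IP, the first thing to pivot on in triage."""
    return dict(Counter(str(h["ip"]) for h in hits))


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for hit in result["hits"]:
        print(f'{hit["time"]} {hit["ip"]} {hit["method"]} {hit["action"]} -> {hit["status"]}')
    print("per-IP:", count_by_ip(result["hits"]))
    print("POSTs with action hidden in body:", result["unattributed"])
```

The unattributed count is the honest limit of access-log detection here: if it is large, the `action` field must come from a WAF, a reverse proxy that logs bodies, or a WordPress-side audit plugin rather than from the web server.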
