CVE-2023-51670
📋 TL;DR
This CVE describes a Missing Authorization vulnerability in the FunnelKit Checkout WordPress plugin that allows authenticated users to activate arbitrary plugins without proper permissions. It affects all WordPress sites running FunnelKit Checkout versions up to 3.10.3. The vulnerability enables privilege escalation and unauthorized plugin activation.
💻 Affected Systems
- FunnelKit Checkout (formerly WooFunnels Aero Checkout)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could activate malicious plugins to gain administrative privileges, execute arbitrary code, or establish persistent backdoors on the WordPress site.
Likely Case
Authenticated users with minimal privileges (like subscribers) could activate plugins to gain additional capabilities, potentially leading to data theft, site defacement, or further exploitation.
If Mitigated
With proper access controls and least privilege principles, impact is limited to authorized users only, reducing the attack surface significantly.
🎯 Exploit Status
Exploitation requires authenticated access to WordPress. The vulnerability is in authorization checks for plugin activation functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.10.4 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find FunnelKit Checkout.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.10.4 or later from WordPress.org and update manually.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Deactivate the FunnelKit Checkout plugin until the patched version is installed:
wp plugin deactivate woofunnels-aero-checkout
Access Restriction
Restrict WordPress admin access (wp-admin and admin-ajax.php) to trusted IP addresses only.
🧯 If You Can't Patch
- Implement strict user role management with least privilege principles
- Monitor and audit plugin activation events in WordPress logs
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for FunnelKit Checkout version 3.10.3 or earlier
Check Version:
wp plugin get woofunnels-aero-checkout --field=version
Verify Fix Applied:
Verify FunnelKit Checkout version is 3.10.4 or later in WordPress plugins list
📡 Detection & Monitoring
Log Indicators:
- Unauthorized plugin activation events in WordPress logs
- Multiple plugin activation attempts by non-admin users
Network Indicators:
- HTTP POST requests to wp-admin/admin-ajax.php with plugin activation parameters
SIEM Query:
source="wordpress" AND (event="plugin_activated" OR message="*activated*plugin*") AND user_role!="administrator"
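To produce the log indicators listed above from inside WordPress itself, the following must-use plugin records every plugin activation with the acting user's roles and reverts any activation performed by a user who lacks the activate_plugins capability. This is an added example, not code from the page or from FunnelKit; the paa_ prefix and the log line format are assumptions, and WP-CLI activations (which run with no logged-in user) are logged but not reverted.

```php
<?php
/**
 * Plugin Name: Plugin Activation Audit (added example, not FunnelKit code)
 * Description: Logs every plugin activation and reverts activations by users
 *              without the activate_plugins capability.
 *              Place in wp-content/mu-plugins/ so it loads before other plugins.
 */

// 'activated_plugin' fires from activate_plugin() in wp-admin/includes/plugin.php
// after any plugin is switched on, whichever code path triggered it.
add_action( 'activated_plugin', 'paa_audit_activation', 10, 2 );

function paa_audit_activation( $plugin, $network_wide ) {
    $user  = wp_get_current_user();
    $login = $user->exists() ? $user->user_login : 'anonymous';
    $roles = $user->exists() ? implode( ',', $user->roles ) : 'none';
    $ip    = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'cli';

    // Record every activation (assumed key=value format) so a SIEM can
    // match user_role and plugin fields as in the query above.
    error_log( sprintf(
        'plugin_activated plugin=%s user=%s roles=%s ip=%s network=%d',
        $plugin, $login, $roles, $ip, (int) $network_wide
    ) );

    // WP-CLI runs without an authenticated user; do not revert those.
    if ( defined( 'WP_CLI' ) && WP_CLI ) {
        return;
    }

    // A web request that reaches this hook from a user without
    // activate_plugins means an authorization check was bypassed:
    // revert the activation silently (no deactivation hooks) and flag it.
    if ( ! current_user_can( 'activate_plugins' ) ) {
        deactivate_plugins( $plugin, true, $network_wide );
        error_log( sprintf(
            'ALERT unauthorized_plugin_activation_reverted plugin=%s user=%s roles=%s ip=%s',
            $plugin, $login, $roles, $ip
        ) );
    }
}
```

Entries land in the PHP error log (or debug.log when WP_DEBUG_LOG is enabled); forward that file to the SIEM and alert on the ALERT prefix.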
🔗 References
- https://patchstack.com/database/vulnerability/woofunnels-aero-checkout/wordpress-funnelkit-checkout-plugin-3-10-3-authenticated-arbitrary-plugin-activation-vulnerability?_s_id=cve