WPVDB-ID: EEC0F29F-A985-4285-8EED-D1855D204A20
Published: Mar 23, 2021

Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation

Author: m0ze
Source: wpscan.com
improper access control
privilege escalation
plugin vulnerability
website compromise
admin access

EPSS: 0.275 (percentile 96.9%)

An Improper Access Control vulnerability was discovered in the plugin. Temporary administrator accounts created through the plugin are meant to be confined to a chosen set of wp-admin screens, but the restriction does not cover the site customization screen and the global CMS settings screen, /wp-admin/customize.php and /wp-admin/options.php. Because options.php (the "All Settings" screen) lets a user read and write site options directly, unrestricted access to it can lead to a complete compromise of the target site. Even with the maximum restrictions applied to a temporary administrator account, several attack vectors remain open against the targeted website; the simplest and fastest is raising the account's own privileges to an unrestricted administrator and taking full control of the site.

PoC

1. Create a temporary admin account via the plugin (/wp-admin/users.php?page=controlled_admin_access) with limited access.
2. Log in as that account and open the URLs below, which should not be accessible:

PoC #1 | Improper Access Control | Customize:
https://example.com/wp-admin/customize.php

PoC #2 | Improper Access Control | All Settings:
https://example.com/wp-admin/options.php
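The following snippet is an added, illustrative hardening for a "temporary admin" feature of the kind described above; it is not the plugin's own code and makes no claim about how the plugin implements its restrictions. It shows why the PoC URLs slip through a screen-based restriction and how to close the gap at two layers: first at the capability layer, by denying the capabilities WordPress core checks before serving customize.php ('customize', mapped to 'edit_theme_options') and options.php ('manage_options'), which also covers the Customizer's admin-ajax.php and REST save paths that never go through a page URL; second with an allowlist of wp-admin screens, so that any screen not explicitly granted is refused by default. The user meta key `_example_temp_admin`, the allowed-screen list and all `example_` function names are assumptions introduced for this example.

```php
<?php
/**
 * Added example: hardening a "temporary admin" account so that the screens
 * named in the PoC (wp-admin/customize.php and wp-admin/options.php) are
 * rejected by WordPress itself. Not the plugin's own code.
 *
 * Assumption (hypothetical): a temporary account is marked with the user
 * meta '_example_temp_admin' = '1' when the plugin creates it.
 */

const EXAMPLE_TEMP_ADMIN_META = '_example_temp_admin';

/** wp-admin screens a temporary admin may open; anything else is refused. */
const EXAMPLE_ALLOWED_SCREENS = array(
    'index.php',      // Dashboard
    'edit.php',       // Posts list
    'post.php',       // Edit post
    'post-new.php',   // New post
    'upload.php',     // Media library
    'profile.php',    // Own profile (role change still needs promote_users)
    'admin-ajax.php', // AJAX entry point; each action is still capability-gated
);

/** Capabilities whose holders can reach or escalate past the restriction. */
const EXAMPLE_DENIED_CAPS = array(
    'manage_options',     // gates wp-admin/options.php and every settings screen
    'edit_theme_options', // gates wp-admin/customize.php (via 'customize')
    'customize',          // meta cap checked by the Customizer and its AJAX save
    'promote_users',      // role changes, i.e. self-promotion to full admin
    'edit_users',
    'create_users',
    'delete_users',
);

function example_is_temp_admin( $user_id ) {
    return '1' === get_user_meta( (int) $user_id, EXAMPLE_TEMP_ADMIN_META, true );
}

/**
 * Layer 1: capability denial. The map_meta_cap filter runs inside every
 * current_user_can() call, so returning 'do_not_allow' here rejects the
 * request wherever the check happens: the page, admin-ajax.php or REST.
 */
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id ) {
    if ( in_array( $cap, EXAMPLE_DENIED_CAPS, true ) && example_is_temp_admin( $user_id ) ) {
        return array( 'do_not_allow' );
    }
    return $caps;
}, 10, 3 );

/**
 * Layer 2: screen allowlist. A denylist of "forbidden" screens is what lets
 * customize.php and options.php through; an allowlist fails closed when a
 * screen was forgotten or a new core screen appears.
 */
add_action( 'admin_init', function () {
    global $pagenow;

    if ( ! is_user_logged_in() || ! example_is_temp_admin( get_current_user_id() ) ) {
        return;
    }
    if ( ! in_array( $pagenow, EXAMPLE_ALLOWED_SCREENS, true ) ) {
        wp_die(
            esc_html__( 'This screen is not available to temporary administrators.' ),
            403
        );
    }
} );
```

With the capability layer in place, repeating the PoC as the temporary account should yield a 403 "Sorry, you are not allowed to access this page" from core on both URLs, independent of the screen allowlist. The larger lesson is that a "restricted administrator" built by subtracting screens from the Administrator role still carries every other administrator capability (plugin and theme installation, file editing, user management); a temporary account is safer built up from a custom role with a minimal capability set than filtered down by URL.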
