A privilege escalation attack is a vulnerability that affects the server’s underlying operating system. In this attack, the attacker tries to gain elevated access to resources that are normally protected from an application user. An application that the developer or system administrator has granted all access privileges can then be used to perform unauthorised actions.

All versions of WordPress with vulnerable plugins might have an issue that allows authenticated users of any user level to set system options. The attack is possible because the developer did not implement validation. The vulnerability allows an attacker to create a new account with admin privileges, a change that can have catastrophic effects on the application.

Plugins such as EasyCart allowed any user to change their privileges from low to high by manipulating the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions, which were available at /inc/admin/admin_ajax_functions.php. Using the vulnerable plugin, the attacker could change the admin’s e-mail address to prevent the admin from getting notifications. The attacker will set up a new administrator account using his own ID. Successful exploitation gives the attacker complete access to the web application.
Using this vulnerability, an attacker can: