
Commit 830ae5a

Dinindu-WickDGovEnterpriseadonm
authored
Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin - 20231129003 (#423)
* T1566.001 - QR Code Phishing Attachment (Quishing) - Updated the KQL with Recipient Email address
* NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors - 20230928002
* Apple releases Critical Updates for Known Exploited vulnerabilities - 20231009003
* Apple releases Critical Updates for Known Exploited vulnerabilities - 20231009001
* Update T1566.001-QR-CodePhishingAttachment(Quishing).md - Updated the document version number to 1.0
* Citrix Releases Security Updates for Multiple Products - 20231012001
* Updated Citrix Releases Security Updates for Multiple Products - 20231012001
* Updated Citrix Releases Security Updates for Multiple Products - 20231012001
* Added new ADS and updates
* Updated Advisory number for Citrix advisory
* Updated ADSs with macros for MITRE URLs
* Updates libraries and requirement.txt
* Removed macros for Software ID related ADSs
* Added macros to retrieve MITRE URLs
* Updated requirements.txt with BeautifulSoup4 req
* 20231023005-SolarWinds-ARM-ThreeCriticalRCEVulnerabilities.md
* Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities - 20231025001
* VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities - 20231026001
* Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature - 20231027004
* Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature - 20231027004
* Apple Releases Security Advisories for Multiple Products - 20231027005
* Updated CVSS score of CVE-2023-4966 - 20231012003
* Improper Authorization Vulnerability In Confluence Data Center and Server - 20231101002
* Added logic to resolve links to MITRE tactics
* Added new ADSs and updated existing ones
* Updated entry to hide Lateral Movement - Webservers in Guidelines table
* New Microsoft Exchange zero-days allow RCE, data theft attacks - 20231106002
* Updated ADS formatting and KQL syntaxes
* Updated ADS formatting and KQL syntaxes
* Minor updates to formatting
* Updates to ADS
* Updates to ADS
* Minor updates to ADS
* Updated ADS
* Updates to ADS
* Updated ADS
* Minor updates to ADSs
* Updates to ADSs
* Atlassian Confluence Data Center and Server Improper Authorization Vulnerability - 20231108001
* Updated Linux Webshell indicator ADS
* Updated the Technique ID in Linux Webshell Indicators
* Juniper Junos OS EX / SRX vulnerabilities - 20231114002
* Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability - 20231116001
* Update 20231116001-Microsoft-Windows-Mark-of-the-Web-(MOTW)-Security-Feature-Bypass-Vulnerability.md
* Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin - 20231129003

---------

Co-authored-by: Joshua Hitchen (DGov) <[email protected]>
Co-authored-by: Adon Metcalfe <[email protected]>
1 parent 1acfc55 commit 830ae5a

1 file changed

+36
-0
lines changed
@@ -0,0 +1,36 @@
1+
# Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin - 20231129003
2+
3+
## Overview
4+
5+
The WA SOC has observed a vulnerability in UserPro plugin for WordPress. When exploited, it would allow a threat actor unauthorised access.
6+
7+
## What is the vulnerability?
8+
9+
[**CVE-2023-2448**](https://nvd.nist.gov/vuln/detail/CVE-2023-2448) - CVSS v3 Base Score: ***6.5***
10+
11+
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.
12+
13+
[**CVE-2023-2446**](https://nvd.nist.gov/vuln/detail/CVE-2023-2446) - CVSS v3 Base Score: ***6.5***
14+
15+
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account.
16+
17+
## What is vulnerable?
18+
19+
The vulnerability affects the following products:
20+
21+
- The 'userpro' shortcode in versions up to, and including 5.1.1
22+
- the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4
23+
24+
## What has been observed?
25+
26+
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
27+
28+
## Recommendation
29+
30+
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
31+
32+
- Update to version 5.1.5 (or the latest) of the plugin.
33+
34+
## Additional References
35+
36+
- [Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin (wordfence.com)](https://www.wordfence.com/blog/2023/11/several-critical-vulnerabilities-including-privilege-escalation-authentication-bypass-and-more-patched-in-userpro-wordpress-plugin/)
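Review bot: the title promises several critical vulnerabilities including privilege escalation and authentication bypass, but the body under "What is the vulnerability?" documents only CVE-2023-2448 and CVE-2023-2446, both with a CVSS v3 base score of 6.5; either add the remaining vulnerabilities that the Wordfence reference's title covers, or narrow the advisory title to what the body actually describes. Under "What is vulnerable?", the two bullets name a shortcode and a function rather than a product, so readers cannot match the entry to an installed version; consider stating it as the UserPro plugin for WordPress, versions up to and including 5.1.4, and keeping the shortcode/function detail in the CVE descriptions. In the CVE-2023-2448 paragraph, "This makes it possible for unauthenticated attackers to arbitrary shortcode execution" is missing a verb and should read "to perform arbitrary shortcode execution".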
