The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access.
In the REST API handler module — specifically in the reset_user_password() function — there is missing authorization verification. This means that the REST endpoint is accessible without authentication to anyone who sends a properly crafted HTTP request. An attacker can specify any user, including an administrator, and reset their password, then log in to the compromised account.
An attacker without any permissions can gain full administrative access to the WordPress website, enabling complete takeover of the service, its content, and user data.
The plugin should be immediately updated to a version higher than 1.1.2. A patch is available in the official WordPress plugin repository (changeset 3385150). If an update is not possible immediately, it is recommended to deactivate the plugin until the fix is deployed.
Appy Pie Connect for WooCommerce plugin for WordPress — all versions up to and including 1.1.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H