Impact
The vulnerability is a flaw in the is_mainwp_authenticated() function where the return value of the password validation is incorrectly interpreted, representing a CWE-287 (Authentication Bypass) weakness. An attacker who knows an administrator’s username can send any Basic Authentication password in the Authorization header. The plugin mistakenly accepts the request and treats the attacker as the admin for the request’s duration, allowing full administrative privileges without legitimate credentials. This permits the attacker to perform any action that a site owner can, effectively enabling a temporary admin takeover.
Affected Systems
The vulnerability affects WordPress sites running the Burst Statistics – Privacy-Friendly WordPress Analytics plugin, specifically versions 3.4.0 through 3.4.1.1. Any installation of these plugin versions is exposed.
Risk and Exploitability
Based on the information, the vulnerability appears to be exploitable over the network via HTTP requests with a forged Authorization header to the plugin’s endpoint. The CVSS score of 9.8 indicates a Critical severity, and the EPSS score of 15% indicates a moderate-to-high probability of exploitation. The vulnerability is not yet listed in the CISA KEV catalog, so no publicly documented exploits are known. Attackers only need network access to the site and knowledge of an administrator’s username; any Basic Authentication password will be accepted by the flawed logic, allowing the attacker to impersonate the administrator for the duration of the request.
OpenCVE Enrichment