CVE-2022-0833 in Church Admin Plugin

Summary

by MITRE • 03/28/2022

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data.


Analysis

by VulDB Data Team • 03/31/2022

CVE-2022-0833 affects the Church Admin WordPress plugin in version 3.4.134 and earlier. It is a critical authorization and cross-site request forgery weakness in the plugin's handling of certain administrative actions and file requests: because those actions do not check access rights, unauthenticated attackers can reach the plugin's backup functionality without any credentials or session validation.

The root cause is that the plugin neither enforces authorization checks nor applies CSRF protection to certain administrative endpoints. An attacker can therefore trigger the "refresh-backup" action repeatedly without a valid user session. During a backup run the plugin also writes a temporary file under a publicly reachable URL, and requesting that file discloses the final backup filename. Combining the two weaknesses, an attacker who keeps triggering the action while polling the temporary file learns the exact location of the backup file and can then fetch it.

The impact goes beyond simple data exposure: the backup is a copy of the plugin's database data and may contain church member records, administrative records and other confidential information stored in the WordPress site. The weakness maps to CWE-352 (Cross-Site Request Forgery) and CWE-284 (Improper Access Control). Because the request sequence needs no special tooling and is easy to automate, it lends itself to automated reconnaissance and data extraction against many sites at once, putting the privacy of the congregations whose data the plugin manages at risk.

Because exploitation requires no authentication, any attacker on the internet can attempt it. Missing authorization controls combined with a publicly exposed temporary file turn a small information disclosure into complete compromise of the backed-up database. Organizations running affected versions therefore face a real risk of data breaches, regulatory violations and legal consequences from unauthorized access to sensitive information. The flaw reflects weak security practice in the plugin's development, in particular missing input validation, access control and CSRF protection.

Mitigation starts with updating the plugin to version 3.4.135 or later, which adds the missing authorization and CSRF checks. Further measures are a web application firewall, monitoring for unusual backup-related requests (repeated "refresh-backup" calls and polling of the plugin's temporary files), and denying direct web access to the plugin's temporary directories through server configuration. The case also shows the value of aligning defences with the ATT&CK framework, specifically the reconnaissance and credential access phases in which an attacker would exploit such a flaw to gain unauthorized access.
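As an added illustration of the monitoring step, and not code from VulDB or from the plugin itself, the following Python script scans web server access logs for the request pattern described above: repeated "refresh-backup" triggers from one client interleaved with polling of a publicly reachable temporary file, optionally followed by a successful download of a backup archive. The combined log format, the `admin-ajax.php` endpoint, the temporary-file directory `/wp-content/uploads/church-admin/`, the backup file extensions and the sample log lines are all assumptions or constructed data, not details taken from the advisory; adapt the paths to the plugin's real layout before use.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed Apache/Nginx "combined" log format (an assumption, not from the advisory).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# The action name comes from the advisory; the temp-file directory and the
# backup extensions are placeholders and must match the real plugin layout.
ACTION_MARKER = "refresh-backup"
TEMP_DIR_PREFIX = "/wp-content/uploads/church-admin/"   # hypothetical
BACKUP_EXTS = (".sql", ".sql.gz", ".zip", ".gz")         # hypothetical


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def classify(path):
    """Map a request path to one stage of the described pattern, or None."""
    if ACTION_MARKER in path:
        return "action"
    if path.startswith(TEMP_DIR_PREFIX):
        return "backup_download" if path.endswith(BACKUP_EXTS) else "temp_poll"
    return None


def detect(lines, window_s=120, min_actions=3, min_polls=3):
    """Return {ip: summary} for clients that trigger the action at least
    `min_actions` times and poll temp files at least `min_polls` times within
    `window_s` seconds; the summary also lists successful backup downloads."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec["path"])
        if kind:
            events[rec["ip"]].append((rec["ts"], kind, rec["path"], rec["status"]))

    hits = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (t0, _, _, _) in enumerate(evs):          # sliding window per client
            win = [e for e in evs[i:] if (e[0] - t0).total_seconds() <= window_s]
            n_act = sum(1 for e in win if e[1] == "action")
            n_poll = sum(1 for e in win if e[1] == "temp_poll")
            if n_act >= min_actions and n_poll >= min_polls:
                downloads = [e[2] for e in evs
                             if e[1] == "backup_download" and e[3] == "200"]
                hits[ip] = {"actions": n_act, "polls": n_poll, "downloads": downloads}
                break
    return hits


# Constructed sample log (RFC 5737 test addresses): one abusive client and one
# legitimate administrator who refreshes the backup a single time.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2022:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=refresh-backup HTTP/1.1" 200 17 "-" "curl/7.81.0"
203.0.113.7 - - [10/Mar/2022:12:00:02 +0000] "GET /wp-content/uploads/church-admin/status.txt HTTP/1.1" 404 0 "-" "curl/7.81.0"
203.0.113.7 - - [10/Mar/2022:12:00:06 +0000] "GET /wp-admin/admin-ajax.php?action=refresh-backup HTTP/1.1" 200 17 "-" "curl/7.81.0"
203.0.113.7 - - [10/Mar/2022:12:00:07 +0000] "GET /wp-content/uploads/church-admin/status.txt HTTP/1.1" 200 64 "-" "curl/7.81.0"
203.0.113.7 - - [10/Mar/2022:12:00:11 +0000] "GET /wp-admin/admin-ajax.php?action=refresh-backup HTTP/1.1" 200 17 "-" "curl/7.81.0"
203.0.113.7 - - [10/Mar/2022:12:00:12 +0000] "GET /wp-content/uploads/church-admin/status.txt HTTP/1.1" 200 64 "-" "curl/7.81.0"
203.0.113.7 - - [10/Mar/2022:12:00:13 +0000] "GET /wp-content/uploads/church-admin/status.txt HTTP/1.1" 200 64 "-" "curl/7.81.0"
203.0.113.7 - - [10/Mar/2022:12:00:20 +0000] "GET /wp-content/uploads/church-admin/backup-20220310-120011.sql.gz HTTP/1.1" 200 48213 "-" "curl/7.81.0"
198.51.100.4 - - [10/Mar/2022:12:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=refresh-backup HTTP/1.1" 200 17 "https://example.org/wp-admin/" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2022:12:05:30 +0000] "GET /wp-content/uploads/church-admin/status.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, summary in detect(SAMPLE_LOG.splitlines()).items():
        print(ip, summary)
```

The thresholds are deliberately conservative: a single administrator refreshing the backup and checking its status is not flagged, while the tight loop of action triggers plus temp-file polling that the advisory describes is. Because the backup filename is only learned through that polling, a later request for an archive under the temp directory from the same client is the strongest signal and is reported alongside the counts.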

Reservation

03/02/2022

Disclosure

03/28/2022

Moderation

accepted

CPE

ready

EPSS

0.00487

KEV

no

Activities

very low

Sources
