CVE-2025-29004
Affected products:
- AA-Team Premium Age Verification / Restriction for WordPress
- AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress
Executive summary
A high-severity vulnerability has been identified in two WordPress plugins developed by AA-Team, which could allow a low-privileged attacker to gain full administrative control over an affected website. Successful exploitation could lead to complete website compromise, data theft, and reputational damage. Immediate patching is required to mitigate the significant risk posed by this privilege escalation flaw.
Vulnerability
The vulnerability is an Incorrect Privilege Assignment flaw within the specified AA-Team plugins. The plugins fail to properly validate user permissions for certain administrative functions. An authenticated attacker with low-level privileges (such as a subscriber) can craft a malicious request to exploit this flaw, granting their account administrative rights and effectively taking full control of the WordPress site.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. An attacker who successfully escalates their privileges to an administrator level can achieve a complete compromise of the web application. Potential consequences include theft of sensitive customer or corporate data, website defacement causing severe reputational harm, injection of malware to attack site visitors, and using the compromised server to launch further attacks, leading to potential business disruption and financial loss.
Remediation
Immediate Action:
- Immediately update the "AA-Team Premium Age Verification / Restriction for WordPress" and "AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress" plugins to the latest patched versions provided by the vendor.
- If these plugins are not essential to business operations, consider deactivating and uninstalling them to eliminate the attack surface.
- Review all user accounts, especially those with administrative privileges, to ensure no unauthorized accounts or privilege changes have occurred.
Proactive Monitoring:
- Monitor WordPress audit logs for unexpected or unauthorized user role changes, particularly any escalation to the 'Administrator' role.
- Review web server access logs and Web Application Firewall (WAF) logs for suspicious POST requests to plugin-specific endpoints, which may indicate exploitation attempts.
- Implement file integrity monitoring to detect unauthorized changes to WordPress core files, themes, or plugins.
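As an added example (not code from the advisory or from AA-Team), a WordPress must-use plugin that implements the role-change monitoring recommended above by hooking WordPress's `set_user_role` and `add_user_role` actions; the file name, the `rem_` function prefix and the log line format are assumptions.

```php
<?php
/**
 * Plugin Name: Role Escalation Monitor (example)
 * Description: Logs every role change and flags promotions to administrator
 *              made by an actor who lacks the promote_users capability.
 * Install: save as wp-content/mu-plugins/role-escalation-monitor.php
 */

// Fires after a user's role is replaced (WP_User::set_role, wp_update_user).
add_action( 'set_user_role', 'rem_log_role_change', 10, 3 );
// Fires when an additional role is granted (WP_User::add_role).
add_action( 'add_user_role', 'rem_log_role_added', 10, 2 );

function rem_log_role_added( $user_id, $role ) {
    // An added role is recorded like a replacement with no previous roles known.
    rem_log_role_change( $user_id, $role, array() );
}

function rem_log_role_change( $user_id, $new_role, $old_roles ) {
    $actor_id = get_current_user_id(); // 0 for unauthenticated, cron and WP-CLI

    $entry = array(
        'time'              => gmdate( 'c' ),
        'target_id'         => (int) $user_id,
        'old_roles'         => implode( ',', (array) $old_roles ),
        'new_role'          => $new_role,
        'actor_id'          => $actor_id,
        'actor_can_promote' => $actor_id ? user_can( $actor_id, 'promote_users' ) : false,
        'remote_addr'       => isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '',
        'request_uri'       => isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '',
    );

    // A promotion to administrator by someone who may not promote users is the
    // pattern an Incorrect Privilege Assignment bug produces, so flag it.
    $suspicious    = ( 'administrator' === $new_role && ! $entry['actor_can_promote'] );
    $entry['flag'] = $suspicious ? 'SUSPICIOUS_ESCALATION' : 'role_change';

    // One JSON line per change in the PHP error log, ready for a SIEM to pick up.
    error_log( 'wp-role-monitor ' . wp_json_encode( $entry ) );

    if ( $suspicious ) {
        wp_mail(
            get_option( 'admin_email' ),
            'Suspicious admin promotion on ' . home_url(),
            wp_json_encode( $entry, JSON_PRETTY_PRINT )
        );
    }
}
```

Role changes made from WP-CLI or cron run with actor id 0 and will be flagged as suspicious, so tune the check if those paths are used routinely.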
Compensating Controls:
- If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to block exploit attempts against this vulnerability.
- Restrict access to the WordPress admin dashboard (/wp-admin) to trusted IP addresses only.
- Enforce mandatory Two-Factor Authentication (2FA) for all user accounts, especially for administrator and editor roles, to add another layer of security against account takeover.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a critical risk and must be addressed with high priority. We strongly recommend that organizations immediately apply the security updates for the affected AA-Team plugins across all WordPress instances. Although this CVE is not currently listed on the CISA KEV list, its high severity and potential for complete system compromise warrant immediate remediation to prevent potential exploitation.