In this article, the author discusses WordPress security features related to nonces and AJAX/REST requests and identifies three critical vulnerabilities in popular WordPress plugins. WordPress powers 43% of websites on the internet, making it a prime target for exploitation. The author highlights that many plugins rely solely on nonces for authorization, which can lead to privilege escalation. One interesting point is the misuse of nonces for authentication instead of authorization. The author found vulnerabilities in plugins such as Advanced File Manager and Filester that allow Remote Code Execution and Arbitrary File Upload. Overall, the article underlines the importance of robust security measures in WordPress plugins to prevent security breaches.
https://nowotarski.info/wordpress-nonce-authorization/
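
The nonce-only pattern described above, next to a handler that also checks a capability, as an added example (not code from the article or from the plugins it names). The `myfm_*` names, the `myfm/v1` route and the choice of `manage_options` as the required capability are assumptions for illustration.

```php
<?php
// Hypothetical plugin code. A WordPress nonce ties a request to a user, an
// action and a time window; it does not say what that user is allowed to do.

// Delete a file by name, only if it resolves inside the uploads directory.
function myfm_delete_upload(string $name): bool {
    $base = realpath(wp_upload_dir()['basedir']);
    $path = realpath($base . '/' . sanitize_file_name($name));
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    wp_delete_file($path);
    return true;
}

// WEAK: the nonce is the only gate. wp_ajax_* hooks fire for every logged-in
// role, so any account holding a valid nonce for this action gets through.
add_action('wp_ajax_myfm_delete_weak', function () {
    check_ajax_referer('myfm_delete', 'nonce'); // exits with 403 on a bad nonce
    wp_send_json_success(['deleted' => myfm_delete_upload(wp_unslash($_POST['file'] ?? ''))]);
});

// HARDENED: the nonce stays as request-forgery protection, and the decision
// to act is made by an explicit capability check.
add_action('wp_ajax_myfm_delete', function () {
    check_ajax_referer('myfm_delete', 'nonce');
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'Forbidden'], 403);
    }
    wp_send_json_success(['deleted' => myfm_delete_upload(wp_unslash($_POST['file'] ?? ''))]);
});

// REST equivalent: authorization belongs in permission_callback. A callback
// such as '__return_true' leaves the route with no authorization at all.
add_action('rest_api_init', function () {
    register_rest_route('myfm/v1', '/delete', [
        'methods'             => 'POST',
        'permission_callback' => function () {
            return current_user_can('manage_options');
        },
        'callback'            => function (WP_REST_Request $request) {
            return new WP_REST_Response(
                ['deleted' => myfm_delete_upload((string) $request->get_param('file'))]
            );
        },
    ]);
});
```

When reviewing a plugin, a `wp_ajax_*` handler or REST route that reaches file, option or user operations without a `current_user_can()` call on the path is the pattern to flag.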