Researchers have identified critical privilege-escalation vulnerabilities in a WordPress plugin installed on 100,000 websites.
The three flaws in Ultimate Member were discovered by Wordfence’s Threat Intelligence Team, which described them as “critical and severe” and “easy to exploit.”
By exploiting the flaws, an attacker could escalate their privileges to those of an administrator and completely take over a WordPress site.
“Once an attacker has administrative access to a WordPress site, they have effectively taken over the entire site and can perform any action, from taking the site offline to further infecting the site with malware,” noted the researchers.
Ultimate Member is a free user profile plugin used to create online communities and membership sites with WordPress. It allows site owners to create custom roles and manage the privileges of site members.
“We found that the user registration form lacked some checks on submitted user data,” wrote the researchers.
“This oversight made it possible for an attacker to supply arbitrary user meta keys during the registration process that would update those meta keys in the database.”
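The class of bug the researchers describe, illustrated as an added example that is not Ultimate Member’s code: a hypothetical registration handler that writes every submitted field to user meta, next to a hardened version that only accepts an explicit allowlist of profile keys. The function names, the allowlist contents and the `$form` array are assumptions; the WordPress functions called are the real ones.

```php
<?php
// Added illustration, not the plugin's own code. The registration form data is
// assumed to arrive as an associative array $form (field name => value).

// INSECURE PATTERN: every submitted key becomes a user meta key. sanitize_key()
// only lowercases and strips characters; it does not stop a request from naming a
// privileged key such as the "{prefix}capabilities" meta that stores a user's roles.
function insecure_save_registration_meta( int $user_id, array $form ): void {
    foreach ( $form as $key => $value ) {
        update_user_meta( $user_id, sanitize_key( $key ), sanitize_text_field( (string) $value ) );
    }
}

// HARDENED: only keys the plugin itself defines as profile fields are written.
// Anything else is discarded and returned so the caller can log it, since
// unexpected keys on a registration request are a useful detection signal.
const REGISTRATION_META_ALLOWLIST = array( 'first_name', 'last_name', 'description' );

function secure_save_registration_meta( int $user_id, array $form ): array {
    $rejected = array();
    foreach ( $form as $key => $value ) {
        if ( ! in_array( $key, REGISTRATION_META_ALLOWLIST, true ) ) {
            $rejected[] = (string) $key;
            continue;
        }
        update_user_meta( $user_id, $key, sanitize_text_field( (string) $value ) );
    }
    // The role comes from the site's configured default, never from submitted data.
    $user = new WP_User( $user_id );
    $user->set_role( get_option( 'default_role', 'subscriber' ) );
    return $rejected;
}
```

The same allowlist check belongs on any profile-update path, not only registration, because an attacker who cannot set meta at signup will try the edit form next.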
Researchers discovered the first flaw on October 19, 2020, and reached out to the plugin’s developer on October 23.
“After establishing an appropriate communication channel, we provided the full disclosure details on October 26, 2020,” said the researchers.
The developer acted quickly, sending Wordfence a copy of the first intended patch for testing on October 26.
“We confirmed that the patch fixed one of the vulnerabilities; however, two still remained,” said the researchers.
The remaining flaws were fixed in an updated copy provided by the developers to Wordfence three days later. A patched version of Ultimate Member, 2.1.12, was released on October 29, 2020.
“The privilege escalation vulnerabilities discovered in the WordPress Ultimate Member plugin demonstrate the continued risks of plugins to any web application, making them a popular target for attackers. Just a single compromised third-party plugin can infect tens of thousands of sites in one stroke,” commented Ameet Naik, security evangelist at PerimeterX.
“Businesses must understand the risks posed by third-party WordPress plugins and must protect their sites using web application firewalls, as well as client-side visibility solutions that can reveal the presence of malicious code on their sites.”
Some parts of this article are sourced from:
www.infosecurity-journal.com