Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
  • Jimi Wikman
    Jimi Wikman

    Critical Wordpress plugin bug compromise hosting accounts for thousands of users

    A critical bug in the popular Wordpress plugin wpDiscuz allow users to upload and execute code remotely. This is because of a bug in the file mime type detection that allowed any file type to be uploaded. This open up the server to remote code execution (RCE) that could result in the entire server being compromised. 

    The vulnerability was reported to wpDiscuz's developers by Wordfence's Threat Intelligence team on June 19 and was fully patched with the release of version 7.0.5 on July 23. Since then 25.000 users have downloaded this update, leaving at least 45.000 sites still vulnerable from this bug.

    According to Wordfence threat analyst Chloe Chamberland, the security flaw is rated as critical severity with a CVSS base score of 10/10.

    Quote

     

    "If exploited, this vulnerability could allow an attacker to execute commands on your server and traverse your hosting account to further infect any sites hosted in the account with malicious code.

    This would effectively give the attacker complete control over every site on your server"

     

    Disclosure Timeline

    June 18, 2020 – Initial discovery of vulnerability. We verify the Wordfence firewall provides protection against exploit attempts and we make our initial contact attempt with the plugin’s team.
    June 19, 2020 – Plugin team confirms inbox for handling disclosure. We send full disclosure details.
    June 20, 2020 – The plugin’s team let us know that a patch will be released in version 7.0.4.
    July 6, 2020 – Follow-up as no patch has been released.
    July 10, 2020 – They respond to let us know a patch is coming in 1-2 days.
    July 13, 2020 – Follow-up as no patch has been released.
    July 15, 2020 – They respond saying a patch will be released by the end of week.
    July 20, 2020 – A patch has been released. We check the patch and see that vulnerability is still exploitable and inform them.
    July 23, 2020 – A sufficient patch has been released in version 7.0.5

     

    If you are using wpDiscuz you should upgrade emediately to avoid having your server compromised.


    • Sad 1


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Similar Content

    • By ©Jimi Wikman
      Two WordPress plugins, InfiniteWP Client and WP Time Capsule have been found to suffer from a critical authorization bypass bug that allows people to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in.
      Both plugins are designed to allow users to authenticate to multiple WordPress installations from one central server. That allows site owners to “perform maintenance such as one-click updates for core, plugins, and themes across all sites, backup and site restores, and activating/deactivating plugins and themes on multiple sites simultaneously".
      This was reported on January 7th and on January 8th a new release for InfiniteWP Client and WP Time Capsule was released. WebArx publicly disclosed the bugs on January 14th.
      Based on the WordPress plugin library, the InfiniteWP Client plugin is active on 300,000+ websites. The InfiniteWP site claims they have 513,520 sites active.
      Link to WPScan Vulnerability Database: https://wpvulndb.com/vulnerabilities/10011
       
×
×
  • Create New...