Search This Blog

Showing posts with label Wordpress Vulnerability. Show all posts

The “Real-Time Find and Replace” Wordpress Plugin Updated To Address A High Severity Vulnerability

So as to address a high severity vulnerability, the “Real-Time Find and Replace” WordPress plugin was updated as of late in order to forestall the exploitation to infuse code into sites.

The plugin, accessible as open source and has over 100,000 installations is intended to permit WordPress site admins to dynamically supplant HTML content from themes and different plugins with the content on their personal preference before the page is served to users.

The vulnerability recognized by the name of 'Cross-Site Request Forgery (CSRF)' prompting Cross-Site Scripting (XSS), could have permitted an attacker to infuse malignant JavaScript code on a target site, yet just by fooling the administrator into performing explicit actions, such as clicking a link.

The core of the plugin's 'functionality' for including the find and replace rules in the function far_options_page, which didn't confirm the integrity of a request's source, since it didn't utilize nonce verification, WordPress Security Company Defiant had discovered.

 By supplanting an HTML tag like <head> with noxious JavaScript, an attacker would ensure that their code executes on about each page of the targeted site. Utilizing the infused code, the attacker could make another administrative account; steal session cookies, or direct clients to a malevolent site.

Defiant detailed the vulnerability to the plugin's developer on April 22 and the security flaw was tended to the same day.

The security company Defiant says, “Any attacker capable of tricking a site owner into executing an unwanted action could replace any content or HTML on a vulnerable site with new content or malicious code. This replacement code or content would then execute anytime a user navigated to a page that contained the original content. ”

“In the most up to date version, a nonce has been added along with a check_admin_referer nonce verification function to ensure the legitimacy of the source of a request,” Defiant explained further.

Version 4.0.2 or newer of the Real-Time Find and Replace plugin includes a patch for the bug, and users are advised to update the plugin as soon as possible to ensure their WordPress websites are protected.

Zero-day Stored XSS Vulnerability Allowed Attackers to Compromise 70,000 Websites

Researchers found out that "Social Warfare", a social sharing plug-in powered by Warfare Plugins is infected with a critical Stored XSS Zero-day flaw which allows cybercriminals to place malicious scripts and conquer the assailable WordPress websites.

'Social Warfare' is a social sharing plugin which is essentially used to accumulate more website traffic by receiving more social shares for website developers.

Amidst some of the plugins debugging features, the plug-in carries an exploitable code which assists the payload in being stored in the website's database and reclaimed with every page request.

Referencing from Sucuri research, “These features aren’t directly used anywhere and rely on various $_GET parameters to be executed, which makes it easy to see if your site was attacked using this vulnerability."

The exploit which was rampantly distributed across the globe is a critical flaw that has allowed hackers to entirely gain control of the ill-protected websites in the sphere.

As the abuse of the exploit continued, multiple ongoing attempts from over a hundred distinct IPs were noticed by the analysts.

Reportedly, around 70,000 websites have the plugin installed and the attacks are likely to multiply if the flaw is left unpatched. Meanwhile, users are advised by the experts to get an update to version 3.5.3.

Latest WordPress version 3.5.1 vulnerable to Denial of Service

A security researcher Krzysztof Katowicz-Kowalewski has discovered a critical DOS vulnerability in the latest version of Wordpress (v3.5.1) that allows cybercriminals to cause Denial of service.

The security flaw is "caused due to an error when calculating the hash cycle count within the "crypt_private()" method in /wp-includes/class-phpass.php" according to Secunia report.

By sending specially crafted password cookie, an attacker can cause damage to the website. However, the exploit is limited to those websites who have at least one password protected post and the attacker should have the knowledge of the URL for that post.

Secunia has confirmed the vulnerability existence in latest version 3.5.1. Previous version might also be impacted by the security bug.

The researcher has informed the Wordpress security Team about the security flaw, but since he didn't receive any response from them , he decided to disclose the bug.

W3 Total Cache vulnerability allows hacker to steal password and db info

Jason A. Donenfeld has discovered a Critical vulnerability in one of the famous wordpress plugin "W3 Total Cache".  The plugin helps to improve the user experience of your site by improving your server performance, caching every aspect of your site.

The cache data is stored in public accessible directory, which means a malicious hacker can browse and download the password hashes and other database information.

A simple Google search for "inurl:wp-content/plugins/w3tc/dbcache" returns the list of word press affected by this vulnerability.

According to Jason, the cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable, even with directory listing off.

He also published a simple shell script to identify and exploit this bug:

Wordpress users are advised to either upgrade the plugin to new version or deny access to plugin directory by making an extra .htccess in that folder.

WordPress Pingback Vulnerability Can Be Leveraged in DDoS Attacks

A pingback security bug exists in the Wordpress blogging platform may be exploited to launch distributed denial-of-service (DDoS) attacks, according to web application security firm Acunetix.

The vulnerability is exploitable through the platform’s XMLRPC API (through XMLRPC.PHP).

A malicious hacker can spoof a pingback to a specific blog in order to guess hosts inside each network they target, port scan those hosts, reconfigure internal routers or simply launch DDoS attacks.

The team successfully implemented an Acunetix WVS script to test this security flaw. This script will try to resolve various common internal hosts and try to connect to common ports. In the end, it will report the successful attempts.