Critical Security Flaw in WordPress Plugin Allows RCE

Comments – wpDiscuz, a popular WordPress plugin active on over 80,000 sites, has released a patch for a critical vulnerability.

Researchers have disclosed a critical flaw in the plugin. The bug allows unauthenticated attackers to upload arbitrary files (including PHP files) to a vulnerable site's server and ultimately execute code remotely.

Comments – wpDiscuz lets WordPress websites add custom comment forms and fields, and is an alternative to services such as Disqus. The Wordfence researchers who found the bug alerted the plugin's creator, gVectors, which published a patch on July 23.

The bug is rated critical, with a CVSS score of 10 out of 10, and researchers advise website administrators to make sure they update.

“This vulnerability was introduced in the plugin’s latest major version update,” said Wordfence researchers in a Tuesday post. “This is considered a critical security issue that could lead to remote code execution on a vulnerable site’s server. If you are running any version from 7.0.0 to 7.0.4 of this plugin, it is highly recommended that you update to the patched version, 7.0.5, immediately.”

The potential of the exploit

The plugin's upload check inspected the content of the file rather than its name, so attackers could craft a file of any type and prepend image identification bytes to it in order to pass the content verification. According to the report, a PHP file attempting to bypass this verification might look something like this:

------WebKitFormBoundaryXPeRFAXCS9qPc2sB
Content-Disposition: form-data; name="wmu_files[0]"; filename="myphpfile.php"
Content-Type: application/php

‰PNG

The file's path was returned as part of the response to the upload request, allowing a user to quickly locate and access the file that had just been submitted to the server. This meant that attackers could upload arbitrary PHP files to the server and then request those files to trigger their execution, achieving remote code execution.
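As an added example that is not code from the page, from wpDiscuz or from Wordfence, the following PHP contrasts a content-only file-type check of the kind described above with a hardened upload decision; every function and constant name is hypothetical, and the sample upload is constructed for the demonstration.

```php
<?php
// Added example (not wpDiscuz or Wordfence code). Names are hypothetical.
// Each function returns the on-disk file name an upload would be stored
// under, or null when the upload is rejected. No file is written here.

// Leading bytes ("magic") of the image formats this handler intends to accept.
const IMAGE_SIGNATURES = [
    'png'  => "\x89PNG\r\n\x1a\n",
    'jpg'  => "\xFF\xD8\xFF",
    'jpeg' => "\xFF\xD8\xFF",
    'gif'  => "GIF8",
];

function starts_with_signature(string $content, string $sig): bool
{
    return strncmp($content, $sig, strlen($sig)) === 0;
}

// WEAK: trusts the content sniff alone and keeps the client-supplied name.
// Code with a PNG header prepended passes the sniff, and because the stored
// name still ends in .php the web server will execute it once it is requested.
function weak_accept_upload(string $clientName, string $content): ?string
{
    foreach (IMAGE_SIGNATURES as $sig) {
        if (starts_with_signature($content, $sig)) {
            return basename($clientName);
        }
    }
    return null;
}

// HARDENED: the stored name is never derived from the client's name.
//  1. the client extension must be on the allowlist (.php, .phtml, ... never are),
//  2. the leading bytes must match the signature for that specific extension,
//  3. the file is stored under a random name carrying the allowlisted extension,
//  4. the upload directory is expected to deny script execution through a
//     web-server rule, so even an image-plus-script polyglot that passes step 2
//     is only ever served as static content.
function hardened_accept_upload(string $clientName, string $content): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(IMAGE_SIGNATURES[$ext])) {
        return null; // rejected on extension before the content is even looked at
    }
    if (!starts_with_signature($content, IMAGE_SIGNATURES[$ext])) {
        return null; // content does not match the claimed image type
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample: a PNG signature followed by a harmless placeholder body,
// uploaded under the file name used in the article's request excerpt.
$sample = IMAGE_SIGNATURES['png'] . "<?php /* placeholder body */ ?>";

var_dump(weak_accept_upload('myphpfile.php', $sample));
var_dump(hardened_accept_upload('myphpfile.php', $sample));
var_dump(hardened_accept_upload('photo.png', $sample));
```

The weak function accepts `myphpfile.php` because only the first eight bytes are examined; the hardened one rejects it at step 1 regardless of content, and for a genuinely allowlisted name it hands back a random name that the client never chose. Combining that random name with a no-execution rule on the upload directory is what closes the class of bug the article describes: the attacker can no longer control the stored name, and even a file that fools the signature check cannot be run.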

If exploited, this vulnerability may allow an attacker to execute commands on your server and traverse your hosting account with malicious code to further infect any sites hosted on the account. This would essentially give the attacker complete control of every site on the account.

WordPress Plugin Bugs

WordPress plugins are plagued by bugs, which tend to have disastrous implications for websites. Earlier in July it was discovered that the Adning Advertising plugin for WordPress, a premium plugin with more than 8,000 users, contained a critical remote code execution vulnerability that could be exploited by unauthenticated attackers.

In May, SiteOrigin’s Page Builder, a WordPress plugin with a million active installations that uses a drag-and-drop feature to create websites, was found to contain two vulnerabilities that could enable complete site takeover.

We suggest that users update immediately to the latest version available at the time of this release, which is version 7.0.5.


2020-08-01T13:06:52+00:00
