New updates on WordPress Vulnerability

wordpress Vulnerability wordpress updates 1

WordPress is a common choice for Content Management systems. While working with any software it’s necessary that your WordPress updates with all new features or you have to suffer from the consequences caused by the bugs. WordPress vulnerability And if anything interrupts the work then we also know that it feels. 

So today, we have brought to you all the WordPress updates and bug fixes related to WordPress. With this, you can have a detailed look at the WordPress update version and the WordPress vulnerabilities

WordPress recently announced the repair of various bugs and WordPress vulnerabilities that were present in several plugins.  Basically, it’s plugins that were having XSS vulnerability that allows users to inject malicious script on the vulnerable page.

There was also authenticated XSS which is the same. But it only happens when the user is login to the site. Also, that user can be anyone with the least privilege to admin privilege.

If this vulnerability exists in the site then it becomes easy for the attacker to gain access to the site and alter the site. Let’s have a look at the various plugins that are patching:

WordPress updates-

wordpress Vulnerability wordpress updates

1. Multiple WordPress Vulnerability in WordPress SEO Plugin – Rank Math

Rank Math is a plugin used in WordPress for improving the SEO score.

Vulnerability: It was having the vulnerability of privilege escalation using REST-API endpoints. The REST-API endpoint has used to register was “rank math/v1/updateMeta”. Which doesn’t include “permission_callback” which is used for capability checking?

Endpoint used to call a function called “update_metadata” and this could be used to alter/update the current post’s slug.

The user meta table stores all the data about WordPress user’s permissions, and as this is used to register that endpoint so using that admin privilege can be revoked or accessed by an unauthenticated attacker.

  • Version: This vulnerability was a patch in version 1.0.41
  • Sites affected: It affected more than 200000 sites.

2. Authenticated Safe Mode Privilege Escalation in Elementor Page builder

Elementor Page Builder is a page builder plugin that is used to deliver high-end and modern design and also provides advanced capabilities for editing that page.

Vulnerability: WordPress vulnerability giving the authenticated user access to safe mode, and in safe mode, the plugins get disabled. That could tamper with the security of the site and make it easier for an attacker to gain access to the site.

  • Version: This vulnerability was a patch in version 2.9.6
  • Sites affected: It affected more than 4 million sites.

3. Authenticated Stored XSS in CM Pop-Up Banners Plugin

CM Pop-Up Banners Plugin is a plugin that provides to add and create user-friendly popup banners to be displayed to the users.

Vulnerability: It was having the vulnerability of XSS i.e. Cross-Site Scripting. The user saves a new campaign and if the user has edit_pages capabilities then this script was executed on every page of that website.

  • Version: This vulnerability was a patch in version 1.4.110
  • Sites affected:  It affected more than 10000 sites.

4. XSS on IMPress for IDX Broker Plugin: WordPress Vulnerability

IMPress for IDX Broker Plugin is a plugin that has used to display data using widgets and certain shortcuts on our WordPress site.

Vulnerability: It has the vulnerability of implementing XSS on the site by using ‘idx_update_recaptcha_key’ AJAX. This plugin has a captcha feature that it uses to prevent spam submission on site. The captcha that it uses is Google’s ReCAPTCHA, and it requires an API key.

The AJAX action that the plugin used to update API keys didn’t have any capability to check-in that. Using this if there is an attacker with minimal permission then he can send a request to wp-admin/admin-ajax.php with access parameter set to JavaScript that is malicious and then when the next time admin opens the browser it gives the attacker the admin privilege.

  • Version: This vulnerability was a patch in version 2.6.2
  • Sites affected: It affected more than 10000 sites.

5. Authenticated SQLi in WP-Advanced-Search 

WP-Advanced-Search is a plugin that adds a search page in WordPress.

Vulnerability: It had the vulnerability of Authenticated SQLi in which if the user has the privilege to access edit_posts then he was able to inject malicious SQL codes in the site. 

Version: This vulnerability was a patch in version 3.3.7

  • Sites affected: It affected more than 1000 websites.
  1. Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) in Ninja Forms Plugin 

6. Ninja Forms Plugin is a plugin that is used to create forms for input in WordPress.

Vulnerability: It has the vulnerability of Cross-Site Request Forgery to Cross-Site Scripting as it was not able to identify that the input that provides intentionally by the user who submitted the request or not.

  • Version: This vulnerability was a patch in version 3.4.24.2
  • Sites affected: It affected more than 1 million websites.

7. Authenticated Settings Update in Quick Page/Post Redirect Plugin

Fast Page/Post Redirect Plugin is a module that offers approaches to add sidetracks/redirects to the websites.

Vulnerability: It had the vulnerability of authenticated settings update due to which setting of the sites can be altered by low privilege users also.

  • Version: This plugin has been removing.
  • Sites affected: It affected more than 200000 websites.

8.Multiple Cross-Site Scripting (XSS) in Gmedia Photo Gallery Plugin

Gmedia Photo Gallery Plugin is a plugin that uses to display an image gallery and play songs on your WordPress site.

Vulnerability is the store and reflects the XSS and this vulnerability can cause the improper validations of photos and galleries uploaded by the users.

  • Version:  This vulnerability was a patch in version 1.18.5
  • Sites affected: It affected more than 10000 sites.
  1. 9. WordPress Vulnerability: Multiple Vulnerabilities in LearnPress Plugin

LearnPress Plugin is a plugin that is best to easily create and sell courses online.

Vulnerability: It had the vulnerability of authenticated post creation and status modification by which attackers with minimal permissions were able to create and modify the pages in our site via update and create AJAX.

It also had vulnerability of privilege escalation to “LP Instructor” which grants “unfiltered_html” capability, which allows escalated users to update, create and manage posts that could contain malicious JavaScript.

  • Version: This vulnerability was a patch in version 3.2.6.9
  • Sites Affected: It affected more than 80000 websites.
  1. 10. Unauthenticated file upload RCE in Simple File list

The simple File list is a plugin that allows users to see the list of the files and also allows them to download those files. Users also have the option to upload the file.

Vulnerability: It had the Vulnerability Of unauthenticated subjective record transfer RCE which promotes remote code execution. Exploits are written in python containing PHP code with a png extension upload that makes the site vulnerable and easy to get access to.

  • Version: This vulnerability was a patch in version 4.2.3
  • Sites affected: It affected more than 4000 websites.

11. Reflected Cross-Site Scripting (XSS) in GTranslate Plugin

GTranslate plugin uses Google translate for automatic translation service for making the site multilingual.

Vulnerability: It had the vulnerability of reflected cross-site scripting (XSS) with the help of a crafted link. It required the use of href tag within a sub-domain or sub-directory 

  • Version: This vulnerability was a patch in version 2.8.52
  • Sites affected: It affected more than 200000 websites. 

This is all about the updates regarding WordPress updates and WordPress Vulnerability For more such updates stay tuned with us.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

2 Responses

  1. Hi there to all, it’s genuinely a nice for me to go to see this site, it includes useful Information.

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact us
Social Share
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest
Share on whatsapp
WhatsApp
Latest posts