800.000 WordPress sites remain vulnerable to simple takeover attacks

Despite two critical flaws in a popular WordPress plugin fixed weeks ago, hundreds of thousands of webmasters have yet to roll out the update, exposing their sites to takeover attacks.

The All In One WordPress SEO plugin was affected by two vulnerabilities: CVE-2021-25036, a critical authenticated privilege escalation flaw, and CVE-2021-25037, a high-severity authenticated SQL injection bug.

In total, three million sites were exposed. In the two weeks since the plugin developers released the patch, more than two million installations have been updated, leaving some 820.000 still vulnerable.

Update plugins quickly

Although the vulnerabilities require the attacker to be authenticated to WordPress, only low-level permissions, such as the Subscriber role, are needed to exploit them. Typically a subscriber can only post comments and edit their own profile, but with CVE-2021-25036 they can elevate their privileges and remotely run code on vulnerable sites.

Automattic security researcher Marc Montpas, who discovered the flaws, says they are easy to abuse on vulnerable sites because all an attacker needs to do is change "a single character to uppercase" to bypass all of the plugin's security checks.

"This is particularly concerning because some of the plugin endpoints are quite sensitive. For example, the aioseo/v1/htaccess endpoint can rewrite a site's .htaccess with arbitrary content," he stated. "An attacker could abuse this functionality to hide .htaccess backdoors and execute malicious code on the server."

Webmasters using the WordPress All in One SEO plugin should make sure to update it to version 4.1.5.3.
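For operators responsible for more than one site, the quickest way to find installations still on a vulnerable build is to read the installed version from WP-CLI's `wp plugin list --format=json` output and compare it numerically against 4.1.5.3. The following is an added example, not code from the article or from the plugin's authors; the plugin slug `all-in-one-seo-pack` is assumed and the WP-CLI JSON sample is constructed.

```python
import json
from typing import Optional

# Patched release named in the article.
FIXED_VERSION = "4.1.5.3"
# Assumed WordPress.org slug for the All in One SEO plugin.
PLUGIN_SLUG = "all-in-one-seo-pack"

# Constructed sample of `wp plugin list --format=json` output (not real data).
SAMPLE_WP_CLI_JSON = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "4.2.2"},
    {"name": "all-in-one-seo-pack", "status": "active", "update": "available", "version": "4.1.5.2"},
])


def parse_version(v: str) -> tuple:
    """Turn a dotted version string into a tuple of ints so that
    4.1.10 sorts after 4.1.5.3 (plain string comparison gets this wrong)."""
    parts = []
    for piece in v.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed release.
    Shorter tuples are zero-padded so 4.1.5 compares as 4.1.5.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def installed_version(wp_cli_json: str, slug: str = PLUGIN_SLUG) -> Optional[str]:
    """Return the plugin's version from `wp plugin list --format=json`, or None if absent."""
    for entry in json.loads(wp_cli_json):
        if entry.get("name") == slug:
            return entry.get("version")
    return None


def audit(wp_cli_json: str) -> str:
    """Classify one site as 'not-installed', 'vulnerable' or 'patched'."""
    ver = installed_version(wp_cli_json)
    if ver is None:
        return "not-installed"
    return "vulnerable" if is_vulnerable(ver) else "patched"


if __name__ == "__main__":
    print(audit(SAMPLE_WP_CLI_JSON))  # vulnerable
```

Feeding each site's `wp plugin list --format=json` output to `audit()` gives a per-site verdict that can be tallied across a fleet before rolling out the update.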

Serious flaws in WordPress plugins are relatively common. For example, just a month ago, a vulnerability in the Starter Templates - Elementor, Gutenberg & Beaver Builder Templates plugin allowed contributor-level users to completely overwrite any page on the site and embed malicious JavaScript at will. In that case, more than a million sites were at risk.

That same month, the "Email Preview for WooCommerce" plugin was also found to contain a serious flaw that could allow attackers to take control of a site. The plugin is installed on more than 20.000 sites.

Via: BleepingComputer