Security Advisory - Critical bugs and Auth Bypass Vulnerability in WordPress Plugins

  • Thursday, 23rd January, 2020
  • 17:49pm
Three WordPress plugins, InfiniteWP Client, WP Database Reset, and WP Time Capsule, have been discovered to contain “Easily Exploitable” security issues that an attacker could leverage to gain complete control over vulnerable websites. Together, these serious vulnerabilities have opened up an estimated 320,000 websites to exploitation.
1. InfiniteWP Client Plugin Issue
A vulnerability has been discovered in the InfiniteWP Client plugin versions 1.9.4.4 or earlier. InfiniteWP Client is a plugin that, when installed on a WordPress site, allows a site owner to manage unlimited WordPress sites from their own server. InfiniteWP Client is currently installed on over 300,000 WordPress sites.
Solution
This is a critical authentication bypass vulnerability. The bug arises from a feature that lets users automatically log in as an administrator without providing a password. If you are using InfiniteWP Client version 1.9.4.4 or earlier, we recommend updating your installation immediately to protect your site.
 
2. WP Database Reset Plugin Issue
WP Database Reset is a plugin used to reset databases without having to go through the standard WordPress installation process. The security issue has the potential to affect many websites, as the WordPress library says the plugin is active on over 80,000 sites.
A vulnerability was found in the WP Database Reset plugin for WordPress, in versions up to 3.1, and has been rated critical. It affects an unspecified part of the processing of wp-admin/admin-post.php?db-reset-tables=comments. Manipulation with an unknown input leads to a denial of service (reset). The CWE (Common Weakness Enumeration) classification for the vulnerability is CWE-404. The known impact is on integrity and availability.
The weakness was disclosed on 01/16/2020. The vulnerability has been tracked as CVE-2020-7048 (CVE stands for Common Vulnerabilities and Exposures) since 01/14/2020. The attack can be initiated remotely, and no form of authentication is required for successful exploitation. Technical details are known, but no exploit is available.
Solution
Users of the WP Database Reset plugin should update to the latest version (version 3.15) as soon as possible to prevent having their website hijacked by hackers or wiped out completely.
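Because the db-reset-tables parameter described above travels in the query string, requests that carry it show up in web server access logs. The following Python script is an added example, not code from the plugin or from the original advisory: it scans "combined" format log lines for such requests and groups them by client. The sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache/nginx "combined" format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jan/2020:10:02:11 +0000] "GET /wp-admin/admin-post.php?db-reset-tables=comments HTTP/1.1" 302 0 "-" "curl/7.58.0"
198.51.100.4 - - [17/Jan/2020:10:03:40 +0000] "GET /wp-admin/admin-post.php?action=export HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Jan/2020:10:04:02 +0000] "POST /blog/wp-admin/admin-post.php?db%2Dreset%2Dtables=comments HTTP/1.1" 302 0 "-" "curl/7.58.0"
198.51.100.9 - - [17/Jan/2020:10:05:00 +0000] "GET /?s=db-reset-tables HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
RESET_PATH = "/wp-admin/admin-post.php"  # file named in the advisory
RESET_PARAM = "db-reset-tables"          # query parameter named in the advisory


def find_reset_requests(log_text):
    """Return (ip, timestamp, method, status, tables) for every request that
    reaches admin-post.php carrying the db-reset-tables parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line: skip rather than guess
        url = urlsplit(m["target"])
        # endswith() also covers WordPress installed in a subdirectory.
        if not unquote(url.path).endswith(RESET_PATH):
            continue
        # parse_qs percent-decodes names, so db%2Dreset%2Dtables is caught too.
        params = parse_qs(url.query, keep_blank_values=True)
        if RESET_PARAM in params:
            hits.append((m["ip"], m["ts"], m["method"],
                         int(m["status"]), params[RESET_PARAM]))
    return hits


def hits_by_client(hits):
    """Count matching requests per client IP for triage."""
    return dict(Counter(ip for ip, *_ in hits))


if __name__ == "__main__":
    found = find_reset_requests(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(hits_by_client(found))
```

Access logs do not show whether the requester was logged in, so each hit should be correlated with the plugin version installed at that time and with the state of the database tables.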
 
3. WP Time Capsule Plugin Issue
WP Time Capsule also suffers from an authentication bypass flaw that allows hackers to log in as admin. The plugin makes it easy to back up website data and is installed on about 20,000 websites.
To leverage this flaw, attackers need to include a string in a POST request, which helps them obtain a list of all admin accounts and automatically log in to the first one.
The issue is located at line 12 of wptc-cron-functions.php, where the request is parsed. The parse_request function calls the function decode_server_request_wptc, which checks whether the raw POST payload contains the string “IWP_JSON_PREFIX”.
Solution
A patch has been rolled out in version 1.21.16, so you should update your website right away if it is still running an earlier version.
Link to WPScan Vulnerability Database: https://wpvulndb.com/vulnerabilities/10011
Reference links:
https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/
https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/
https://fossbytes.com/critical-wordpress-plugin-flaw-400k-sites-vulnerable/amp/
https://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/