Researchers have identified critical privilege-escalation vulnerabilities in a WordPress plugin installed in 100k websites.
The a few flaws in Ultimate Member were detected by Wordfence’s Menace Intelligence Staff, which described them as “critical and significant” and “quick to exploit.”
By abusing the flaws, an attacker could escalate their privileges to people of an administrator and wholly acquire in excess of a WordPress site.
“When an attacker has administrative obtain to a WordPress internet site, they have effectively taken more than the whole internet site and can perform any motion, from taking the site offline to additional infecting the internet site with malware,” famous researchers.
Final Member is a free consumer profile plugin deployed to build on-line communities and membership websites with WordPress. It lets website homeowners to produce custom roles and take care of the privileges of web site associates.
“We identified that the person registration kind lacked some checks on submitted user knowledge,” wrote researchers.
“This oversight created it attainable for an attacker to source arbitrary user meta keys through the registration system that would update all those meta keys in the databases.”
Researchers discovered the initially flaw on October 19, 2020, and attained out to the plugin’s developer on October 23.
“Following developing an ideal communication channel, we delivered the full disclosure facts on October 26, 2020,” said researchers.
The developer acted quickly, sending Wordfence a duplicate of the first meant patch for testing on Oct 26.
“We verified the patch fixed just one of the vulnerabilities, however, two nonetheless remained,” said researchers.
The remaining flaws have been mounted with an up-to-date duplicate delivered by the builders to Wordfence three times later on. A patched variation of Greatest Member, 2.1.12, was launched on October 29, 2020.
“The privilege escalation vulnerabilities identified in the WordPress Best Member plugin reveal the ongoing risks of plugins to any web application generating them a normal concentrate on for attackers. Just a person compromised 3rd-party plugin can infect tens of hundreds of sites in a person stroke,” commented Ameet Naik, security evangelist at PerimeterX.
“Corporations have to have an understanding of the pitfalls imposed by 3rd-party WordPress plugins and have to secure their internet sites working with web software firewalls, as perfectly as consumer-side visibility options that can reveal the existence of destructive code on their websites.”
Some sections of this write-up are sourced from: