The WordPress WP HTML Mail plugin for customized emails is vulnerable to code injection and phishing thanks to an XSS flaw.
More than 20,000 WordPress websites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting (XSS) bug discovered in WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails.
The new vulnerability (CVE-2022-0218, CVSS score 8.3) was found by Wordfence researcher Chloe Chamberland and was caused by a faulty configuration in the REST-API routes used to update the template and change settings, Chamberland explained in the disclosure. Put simply, no authentication was required to access the REST-API endpoint.

“Therefore, any user had access to execute the REST-API endpoint to save the email’s theme settings or retrieve the email’s theme settings,” Chamberland wrote. “[They] could inject malicious JavaScript into the mail template that would execute whenever a site administrator accessed the HTML mail editor.”
That means threat actors could add new users with administrative credentials, inject backdoors, implement site redirects, and use legitimate site templates to send phishing emails, among many other things, up to and including site takeover.
“Combined with the fact that the vulnerability can be exploited by attackers with no privileges on a vulnerable site, this means that there is a high likelihood that unauthenticated attackers could gain administrative user access on sites running the vulnerable version of the plugin when successfully exploited,” Chamberland said.
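The root cause described above is a REST route whose permission check lets anyone write the mail template. The following is an added illustration, not the plugin's own code: the route namespace, option key and function names are hypothetical, and it contrasts a permissive `permission_callback` with one that requires an administrator capability and sanitizes the stored HTML so the admin editor never renders injected script.

```php
<?php
// Added example (not WP HTML Mail's code). Route names and the option key
// are hypothetical; the pattern is the generic WordPress REST API.

// WEAK: '__return_true' makes the route public, so an unauthenticated visitor
// can store arbitrary HTML/JS that later executes in an administrator's browser
// when the editor loads the template (the stored XSS class described above).
// Omitting 'permission_callback' entirely behaves the same way and only adds
// a _doing_it_wrong() notice since WordPress 5.5. Shown for contrast only.
function example_mail_register_weak_route() {
    register_rest_route( 'example-mail/v1', '/template', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_mail_save_template',
        'permission_callback' => '__return_true',
    ) );
}

// HARDENED: only users with 'manage_options' (administrators) may save, and the
// 'html' parameter is passed through wp_kses_post() before the callback sees it,
// which strips <script> and on* event handlers from the stored template.
function example_mail_register_route() {
    register_rest_route( 'example-mail/v1', '/template', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_mail_save_template',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'html' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'wp_kses_post',
            ),
        ),
    ) );
}
add_action( 'rest_api_init', 'example_mail_register_route' );

function example_mail_save_template( WP_REST_Request $request ) {
    // Under the hardened registration, get_param() already returns the
    // sanitized value, so nothing unfiltered reaches the options table.
    update_option( 'example_mail_template_html', $request->get_param( 'html' ) );
    return rest_ensure_response( array( 'saved' => true ) );
}
```

When auditing installed plugins for this class of bug, search their `register_rest_route` calls for a missing `permission_callback` or a bare `'__return_true'` on any route that writes settings or content.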
Plugin Compatible with WooCommerce, Ninja Forms & BuddyPress
The plugin is installed on 20,000 websites and is compatible with other plugins run by WordPress sites with large followings, such as the eCommerce platform WooCommerce, the online form builder Ninja Forms and the community builder plugin BuddyPress, Chamberland reported.
“We recommend that WordPress site owners immediately verify that their site has been updated to the latest patched version available, which is version 3.1 at the time of this publication,” Chamberland added.
This latest disclosure comes just a week after Risk Based Security released its findings that the number of WordPress plugin vulnerabilities exploded by triple digits in 2021.
In the same week, three WordPress plugins were reported with the same bug, exposing 84,000 websites running eCommerce add-ons to full site takeovers.
WordPress site administrators are advised by Chamberland to make sure they’re running the most up-to-date version, WordPress Email Template Designer – WP HTML Mail version 3.1.
“If you know a friend or colleague who is using this plugin on their site, we highly recommend forwarding this advisory to them to help keep their sites protected, as this is a serious vulnerability that can lead to full site takeover,” Chamberland cautioned.
Some parts of this article are sourced from:
threatpost.com