Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday February 18 2019, @05:21PM   Printer-friendly
from the anti-social-buttons dept.

Arthur T Knackerbracket has found the following story:

A critical vulnerability in popular WordPress plugin Simple Social Buttons enables non-admin users to modify WordPress installation options – and ultimately take over websites.

Simple Social Buttons enables users to add social-media sharing buttons to various locations of their websites. The plugin has more than 40,000 active installations, according to WordPress Plugin repository.

[...] “Exploitation is fairly easy if the website allows public registrations, since the only requirement for an attacker to exploit this vulnerability is to have a registered user account,” Oliver Sild, founder and CEO of WebARX, told Threatpost. “It can be a low-privileged user whose only permission is to post a comment.”

[...] “Improper application design flow, chained with lack of permission check resulted in privilege-escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table,” Luka Sikic, developer and researcher with WebARX, said in a Monday post.

At a technical level, the flaw allows a function to iterate through a JSON object provided in the request and update all options – without checking whether the current user has permission to manage options for the plugin.

[...] From there, “there are multiple ways for an attacker to take over a whole website, or administrator account at least, just by modifying those configuration options,” Sild told Threatpost.

The vulnerability, which is rated 9.1 on the CVSS v3 severity scale, was discovered on Feb. 7, and a patch was released on Feb. 8. Users of the plugin are urged to update to version 2.0.22.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Thexalon on Monday February 18 2019, @10:34PM

    by Thexalon (636) on Monday February 18 2019, @10:34PM (#803220)

    There are good options in both Python and Ruby. I've also had to wrangle both JSP and C#.Net, and neither of those were half as atrocious as PHP.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2