posted by janrinok on Friday February 21 2020, @09:40PM
from the do-people-still-use-WordPress? dept.

Hackers exploit critical vulnerability found in ~100,000 WordPress sites:

Hackers are actively exploiting a critical WordPress plugin vulnerability that allows them to completely wipe all website databases and, in some cases, seize complete control of affected sites.

The flaw is in the ThemeGrill Demo Importer installed on some 100,000 sites, and it was disclosed over the weekend by website security company WebARX. By Tuesday, WebARX reported that the flaw was under active exploit with almost 17,000 attacks blocked so far. Hanno Böck, a journalist who works for Golem.de, also spotted active attacks and reported them on Twitter.

"There's currently a severe vuln in a wordpress plugin called "themegrill demo importer" that resets the whole database," Böck wrote. "https://webarxsecurity.com/critical-issue-in-themegrill-demo-importer/ It seems attacks are starting: Some of the affected webpages show a wordpress 'hello world'-post. /cc If you use this plugin and your webpage hasn't been deleted yet consider yourself lucky. And remove the plugin. (Yes, remove it, don't just update.)"

[...] The bug stems from a failure to authenticate users before allowing them to carry out privileged administrative commands. Hackers can abuse this failure by sending Web requests that contain specially crafted text strings.

"This is a serious vulnerability and can cause a significant amount of damage," WebARX researchers wrote in this weekend's disclosure. "Since it requires no suspicious-looking payload just like our previous finding in InfiniteWP, it is not expected for any firewall to block this by default, and a special rule needs to be created to block this vulnerability."

Specifically, the vulnerability allows attackers to delete all tables and populate the database with default settings and data. Accounts named "admin," assuming any exist, are set to their previously known password. In the event accounts named admin exist, the attacker will find themselves logged in with administrative rights.
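The bug class the story describes (a privileged "reset the site" action reachable without any authentication) is shown below as an added illustration in WordPress plugin PHP. This is not ThemeGrill's code; the plugin prefix, function names, query parameter and nonce action name are hypothetical, and the destructive helper is left as a placeholder.

```php
<?php
// Added illustration, not the vulnerable plugin's code. Names are hypothetical.

// BEFORE: the pattern behind this class of flaw. A request parameter alone
// triggers a privileged action; no login, capability or nonce check, and the
// hook runs on 'init', i.e. for every visitor, not just in the admin area.
function demo_plugin_reset_insecure() {
    if ( isset( $_GET['demo_plugin_reset'] ) ) {
        demo_plugin_reset_database();
    }
}
add_action( 'init', 'demo_plugin_reset_insecure' );

// AFTER: the same action, gated the way a privileged admin action must be.
function demo_plugin_reset_secure() {
    if ( ! isset( $_GET['demo_plugin_reset'] ) ) {
        return;
    }
    // 1. Authentication + authorization: only a logged-in administrator.
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.', '', array( 'response' => 403 ) );
    }
    // 2. Nonce check: a logged-in admin cannot be tricked into triggering
    //    the reset via a forged link (CSRF). Dies with 403 on failure.
    check_admin_referer( 'demo_plugin_reset_action' );
    demo_plugin_reset_database();
}
// 'admin_init' only fires in the dashboard context, an extra layer, not a
// substitute for the checks above.
add_action( 'admin_init', 'demo_plugin_reset_secure' );

// How the legitimate admin UI would build the trigger link: the nonce is
// bound to the same action name the handler verifies.
function demo_plugin_reset_link() {
    return wp_nonce_url(
        admin_url( 'admin.php?page=demo_plugin&demo_plugin_reset=1' ),
        'demo_plugin_reset_action'
    );
}

// Placeholder for the destructive step (drop tables, re-import defaults).
// Deliberately empty here; the point of the example is the gate in front of it.
function demo_plugin_reset_database() {
}
```

The firewall remark in the disclosure follows from the insecure version: the triggering request carries no injection-like payload, so only an application-level check (or a rule written for this specific request) distinguishes it from ordinary traffic.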


  • (Score: -1, Troll) by Anonymous Coward on Friday February 21 2020, @10:46PM (#960858)

    Is it a coincidence that WordPress was developed by Khazar Jews? It's not a bug if it improves access for Mossad.
