Critical WordPress Plugin Flaw Allows Complete Website Takeover

Accepted submission by exec at 2019-02-15 04:41:00
News

Story automatically generated by StoryBot Version 0.2.2 rel Testing.
Storybot ('Arthur T Knackerbracket') has been converted to Python3

Note: This is the complete story and will need further editing. It may also be covered
by Copyright and thus should be acknowledged and quoted rather than printed in its entirety.

FeedSource: [Threatpost]

Time: 2019-02-12 20:34:18 UTC

Original URL: https://threatpost.com/wordpress-plugin-flaw-website-takeover/141746/ [threatpost.com] using UTF-8 encoding.

Title: Critical WordPress Plugin Flaw Allows Complete Website Takeover

--- --- --- --- --- --- --- Entire Story Below --- --- --- --- --- --- ---

Critical WordPress Plugin Flaw Allows Complete Website Takeover

Arthur T Knackerbracket has found the following story [threatpost.com]:


Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22.

A critical vulnerability in popular WordPress plugin Simple Social Buttons enables non-admin users to modify WordPress installation options – and ultimately take over websites.

Simple Social Buttons lets site owners add social-media sharing buttons to various locations on their websites. The plugin has more than 40,000 active installations, according to the WordPress plugin repository.

The flaw allows privilege escalation, so that non-admins can take over administrator accounts or even whole websites. This even includes the subscriber user type, which has the most limited permissions (subscribers can read a website, post comments and create a profile, but they can’t edit settings or content on sites).

“Exploitation is fairly easy if the website allows public registrations, since the only requirement for an attacker to exploit this vulnerability is to have a registered user account,” Oliver Sild, founder and CEO of WebARX, told Threatpost. “It can be a low-privileged user whose only permission is to post a comment.”

Researchers with WebARX said on Monday that the vulnerability stems from two issues in Simple Social Buttons: Improper application design flow and a lack of permission checks.

These vulnerabilities allow any user type to change any option from the ‘wp_options’ database table, which is where the crucial configuration of a WordPress installation is located, Sild said.

“Improper application design flow, chained with lack of permission check resulted in privilege-escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table,” Luka Sikic, developer and researcher with WebARX, said in a Monday post [webarxsecurity.com].

At a technical level, the flaw allows a function to iterate through a JSON object provided in the request and update all options – without checking whether the current user has permission to manage options for the plugin. WebARX demonstrated the proof-of-concept (PoC) attack in a video accompanying the original article.
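To make the root cause concrete for plugin authors and reviewers, here is an added illustration (not the Simple Social Buttons plugin's own code, and not WebARX's PoC) of the pattern the paragraph describes: an AJAX handler that walks a JSON object from the request and calls update_option() on every key with no capability check, placed beside a hardened handler that adds a nonce check, a manage_options capability check and a fixed allow-list of option keys. All function names, the action name, the nonce action and the option keys are hypothetical; the WordPress API calls (check_ajax_referer, current_user_can, update_option, wp_send_json_*) are real.

```php
<?php
/**
 * Plugin Name: Option Update Handler (illustrative)
 *
 * Added example, not the Simple Social Buttons plugin's code. It contrasts
 * the vulnerable pattern described in the article with a hardened handler.
 * Function names, the AJAX action, the nonce action and the option keys
 * below are hypothetical.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/*
 * VULNERABLE PATTERN (illustrative; deliberately NOT hooked to any action).
 * Every wp_ajax_* hook is reachable by any logged-in user, including a
 * subscriber, so without a capability check this writes whatever keys the
 * request names straight into the wp_options table.
 */
function illustrative_save_options_unchecked() {
    $payload = json_decode( wp_unslash( $_POST['options'] ?? '' ), true );
    if ( ! is_array( $payload ) ) {
        wp_send_json_error( 'bad payload' );
    }
    foreach ( $payload as $name => $value ) {
        update_option( $name, $value ); // no capability check, no key allow-list
    }
    wp_send_json_success();
}

/*
 * HARDENED HANDLER. Three independent controls, in order:
 *   1. nonce check (CSRF),
 *   2. capability check (authorization),
 *   3. allow-list of option keys with a sanitizer per key, so the request
 *      cannot name arbitrary wp_options rows such as site-wide settings.
 */
function illustrative_allowed_options() {
    // Hypothetical option keys owned by this plugin, mapped to sanitizers.
    return array(
        'illustrative_button_style'  => 'sanitize_key',
        'illustrative_show_on_posts' => 'rest_sanitize_boolean',
        'illustrative_share_text'    => 'sanitize_text_field',
    );
}

function illustrative_save_options_checked() {
    // 1. The request must carry a nonce issued for this specific action.
    check_ajax_referer( 'illustrative_save_options', 'nonce' );

    // 2. Only users allowed to manage options may proceed; subscribers fail here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $payload = json_decode( wp_unslash( $_POST['options'] ?? '' ), true );
    if ( ! is_array( $payload ) ) {
        wp_send_json_error( 'bad payload', 400 );
    }

    // 3. Unknown keys are reported back to the caller and never written.
    $allowed  = illustrative_allowed_options();
    $rejected = array();
    foreach ( $payload as $name => $value ) {
        if ( ! isset( $allowed[ $name ] ) ) {
            $rejected[] = $name;
            continue;
        }
        update_option( $name, call_user_func( $allowed[ $name ], $value ) );
    }

    wp_send_json_success( array( 'rejected' => $rejected ) );
}
add_action( 'wp_ajax_illustrative_save_options', 'illustrative_save_options_checked' );
```

The settings page that submits this request would emit the matching nonce with wp_create_nonce( 'illustrative_save_options' ). When reviewing a plugin, the thing to look for is exactly the gap between the two functions: any handler that ends up in update_option() should have a capability check before it and should not let the request choose the option name.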

From there, “there are multiple ways for an attacker to take over a whole website, or administrator account at least, just by modifying those configuration options,” Sild told Threatpost.

The vulnerability, which is rated 9.1 on the CVSS v3 severity scale, was discovered on Feb. 7, and a patch was released on Feb. 8. Users of the plugin are urged to update to version 2.0.22.

WordPress plugins continue to pose a security headache for site administrators. In fact, according to a January Imperva study, almost all [threatpost.com] (98 percent) of WordPress vulnerabilities are related to plugins that extend the functionality and features of a website or a blog.

In November, it was discovered that the popular AMP for WP plugin [threatpost.com] had a privilege-escalation flaw that allows WordPress site users of any level to make administrative changes to a website. And in January, researchers straight up urged WordPress site owners to delete a compromised plugin [threatpost.com] after multiple zero-day vulnerabilities were discovered being exploited by a malicious actor.


-- submitted from IRC


Original Submission