Technology

Serious flaw found and patched in WordPress, but it might lurk in plugins

The bug appears in WordPress instances prior to version 4.9.9 and was exploitable for as long as six years, the RIPS Technologies researchers said.

By Joe Warminsky

February 19, 2019

(Pixabay)

WordPress recently patched a long-running, potentially serious vulnerability in its core code. But a similar flaw in third-party plugins could still allow hackers to take over websites that use the popular publishing software, according to German web security company RIPS Technologies.

Exploiting the vulnerability requires an attacker to have access to an account with “author” privileges for the target website — a common designation for WordPress users. Once logged in, a hacker could manipulate how WordPress reads and writes files in its image database, essentially tricking the software into saving a malicious script file into a directory that typically handles photos.

“An attacker who gains access to an account with at least author privileges on a target WordPress site can execute arbitrary PHP code on the underlying server, leading to a full remote takeover,” RIPS researcher Simon Scannell wrote in a blog post Tuesday.

The bug — which RIPS is categorizing as a “path traversal” vulnerability — is exploitable WordPress instances prior to version 4.9.9 and has been for as long as six years, the researchers said, noting that the software runs on about one-third of all websites.

Even if all WordPress websites patched their core code, though, the software would still be vulnerable to the flaw via plugins, Scannell wrote.

“Any WordPress site with a plugin installed that incorrectly handles Post Meta entries can make exploitation still possible,” the RIPS team said, referring to the part of the code that handles image metadata. … Considering that plugins might reintroduce the issue and taking in factors such as outdated sites, the number of affected installations is still in the millions,” Scannell wrote.

WordPress plugins have recently been in the news for vulnerabilities. Last week the Simple Social plugin was patched for a flaw that could have affected 40,000 websites, and in November, a serious bug was found in a plugin related to compliance with Europe’s new data protection rules.

Serious flaw found and patched in WordPress, but it might lurk in plugins

More Like This

Democratic operative behind Biden AI robocall says lawsuit won’t ‘get anywhere’

House hurtles toward showdown over expiring surveillance tools

‘Spring4Shell’ bug in framework for Java programming draws widespread warnings

Top Stories

FCC wants rules for ‘most important part of the internet you’ve probably never heard of’

CISA ransomware warning program has sent out more than 2,000 alerts

Campaigns and political parties are in the crosshairs of election meddlers

More Scoops

For Magecart groups and other credit-card skimmers, old and new opportunities abound

SolarWinds issues patches for two new critical bugs found in Orion software

Zero-day flaw found in Zoom for Windows 7

Hackers seize on software flaw to breach two victims, despite patch availability

WordPress plugin patches flaw that gave hackers potential access to 40,000 websites

Flaw in WordPress plugin allowed unauthorized admin access, backdoors

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics