WordPress vulnerability news is a weekly digest of vulnerability disclosures that have been published.
Keeping up to date with security vulnerabilities in WordPress and other CMSs is an important part of security. That is why we analyze WordPress plugins and newly disclosed vulnerabilities to make sure the sites using the mentioned plugins or themes are protected.
Is your WordPress site secured? Take a look at how to secure your site here.
If you are a WordPress plugin developer, read how to secure plugins from an attacker's perspective.
Cross-Site Scripting (XSS) in SoundPress Plugin
SoundPress allows you to embed audio from SoundCloud to your sidebar or directly inside your posts. All you need to do is provide the SoundCloud URL straight from your browser and the plugin will display the SoundCloud player.
Vulnerability type: Cross-site scripting (XSS)
Vulnerable version: 2.2.6
Number of sites affected: 5 000+
The vulnerability is fixed in version 3.0.0.
Read more about the WordPress vulnerability from plugins.trac.wordpress.org
Open Redirect & Hidden Login Page Exposure in All In One WP Security & Firewall Plugin
The WordPress plugin All In One WP Security & Firewall is a WordPress security plugin that you can use to implement user account security, login security, file system security and more.
Vulnerability type: Open redirect and exposure of the actual URL of the “hidden login page” feature
Vulnerable version: 4.4.1 and below
Number of sites affected: 800 000+
The PoC will be displayed on October 22, 2019, to give users the time to update.
Read more about the WordPress vulnerability from wpvulndb.com.
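An open redirect is usually a redirect parameter that is passed to the Location header without checking where it points. The following is an added example, not code from the All In One WP Security & Firewall plugin, showing the validation a plugin should apply before redirecting. The function names and the `$site_host` argument are assumptions; in a WordPress context the host would come from `parse_url(home_url(), PHP_URL_HOST)`.

```php
<?php
// Added example: validate a redirect target so that only same-site paths or
// absolute URLs on the site's own host are ever placed in a Location header.

function is_safe_redirect_target(string $target, string $site_host): bool
{
    // Reject control characters and backslashes: browsers treat
    // "/\evil.example" the same way as "//evil.example".
    if (preg_match('/[\x00-\x20\\\\]/', $target)) {
        return false;
    }
    // Protocol-relative URLs ("//evil.example/...") leave the site.
    if (substr($target, 0, 2) === '//') {
        return false;
    }
    // A single-slash relative path always stays on this site.
    if ($target !== '' && $target[0] === '/') {
        return true;
    }
    $parts = parse_url($target);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;   // unparsable, or relative text without a leading "/"
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;   // javascript:, data: and other non-web schemes
    }
    // parse_url puts "example.com@evil.example" into 'user'/'host', so the
    // host comparison is not fooled by credentials in the URL.
    return strtolower($parts['host']) === strtolower($site_host);
}

// Returns the URL that should actually be used; falls back to the site root.
function safe_redirect_or_home(string $target, string $site_host): string
{
    return is_safe_redirect_target($target, $site_host) ? $target : '/';
}

// Constructed test inputs (not taken from any real site or report).
$cases = [
    '/wp-admin/'                       => true,
    'https://example.com/my-account'   => true,
    'https://evil.example/phish'       => false,
    '//evil.example/phish'             => false,
    '/\\evil.example'                  => false,
    'javascript:alert(1)'              => false,
    'http://example.com@evil.example/' => false,
];
foreach ($cases as $url => $expected) {
    $ok = is_safe_redirect_target($url, 'example.com') === $expected;
    printf("%-36s %s\n", $url, $ok ? 'ok' : 'MISMATCH');
}
```

Inside WordPress the same job is done by `wp_safe_redirect()`, which validates through `wp_validate_redirect()` and the `allowed_redirect_hosts` filter; plugins that call `wp_redirect()` with a user-supplied value bypass that check.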
Stored XSS Vulnerability in WordPress Download Plugins and Themes from Dashboard Plugin
WordPress plugin Download Plugins and Themes from Dashboard lets you download installed plugins and themes ZIP files directly from your admin dashboard without using FTP.
Vulnerability type: Unauthenticated stored XSS
Vulnerable version: 1.5.0 and below
Number of sites affected: 10 000+
The vulnerability was reported on September 26, 2019, and a new version 1.6.0 was released on September 30.
Read more about the WordPress vulnerability from Nintechnet blog.
XSS and SSRF in WordPress Visualizer Plugin
Visualizer: Tables and Charts Manager for WordPress plugin is a simple, easy to use and quite powerful tool to create, manage and embed interactive charts & tables into your WordPress posts and pages.
Vulnerability type: Blind SSRF and a stored XSS
Vulnerable version: 3.3.0 and below
Number of sites affected: 40 000+
Read more about the WordPress vulnerability from nathandavidson.com.
Unauthorized CSV Access in Export Users to CSV Plugin
Export Users to CSV Plugin allows you to export the user list and its metadata to a CSV file. The CSV file contains the following fields: username, email, display name, first name, last name, and registered date.
Vulnerability type: Unauthorized CSV access
Vulnerable version: below 1.4
Number of sites affected: 3 000+
The plugin exports a CSV file containing sensitive user data. The generated files are stored in a public directory under a predictable filename derived from a Unix timestamp.
The CSV files can therefore be discovered by enumeration or path traversal. Export Users to CSV gives no visibility into the exported CSV files, and generated files are kept indefinitely.
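The three weaknesses listed above (public directory, predictable name, indefinite retention) each have a direct fix. The block below is an added example and not the plugin's own code: it writes the export outside the web root under a random token, hands it out only through an authenticated handler, deletes it after download, and purges anything that outlives a short TTL. `EXPORT_DIR`, `EXPORT_TTL` and the function names are assumptions for illustration.

```php
<?php
// Added example, not code from the Export Users to CSV plugin.
// Assumption: EXPORT_DIR is a directory the web server does not serve.
const EXPORT_DIR = '/var/lib/wp-private/exports';
const EXPORT_TTL = 600;   // seconds an export may exist before it is purged

// Write rows to a CSV file and return the opaque token used to fetch it.
function write_user_export(array $rows): string
{
    if (!is_dir(EXPORT_DIR) && !mkdir(EXPORT_DIR, 0700, true)) {
        throw new RuntimeException('cannot create export directory');
    }
    $token = bin2hex(random_bytes(16));   // 128 random bits, not a timestamp
    $path  = EXPORT_DIR . '/' . $token . '.csv';
    $fh = fopen($path, 'x');              // 'x' refuses to overwrite an existing file
    if ($fh === false) {
        throw new RuntimeException('export file already exists');
    }
    chmod($path, 0600);
    foreach ($rows as $row) {
        fputcsv($fh, $row);
    }
    fclose($fh);
    return $token;
}

// Map a token back to a path; null if malformed, unknown or expired.
// The caller must already have verified the user's capability
// (in WordPress: current_user_can('list_users')).
function resolve_user_export(string $token): ?string
{
    if (!preg_match('/^[0-9a-f]{32}$/', $token)) {   // rejects "../" and similar
        return null;
    }
    $path = EXPORT_DIR . '/' . $token . '.csv';
    if (!is_file($path) || (time() - filemtime($path)) > EXPORT_TTL) {
        return null;
    }
    return $path;
}

// Stream the file once, then remove it so nothing lingers on disk.
function send_and_delete_export(string $path): void
{
    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="users.csv"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    unlink($path);
}

// Housekeeping that gives administrators the visibility the write-up says is
// missing: returns the names of stale exports it removed.
function purge_stale_exports(): array
{
    $removed = [];
    foreach (glob(EXPORT_DIR . '/*.csv') ?: [] as $file) {
        if (time() - filemtime($file) > EXPORT_TTL) {
            unlink($file);
            $removed[] = basename($file);
        }
    }
    return $removed;
}

// Constructed sample rows (fictional users), mirroring the plugin's columns.
$token = write_user_export([
    ['username', 'email', 'display_name', 'first_name', 'last_name', 'registered'],
    ['alice', 'alice@example.com', 'Alice', 'Alice', 'Example', '2019-10-01'],
]);
$path = resolve_user_export($token);
echo $path !== null ? "export ready: $token\n" : "export unavailable\n";
```

The token is the only thing the browser ever sees, so there is no filename to enumerate; the directory being outside the document root means that even a leaked token is useless without passing the handler's capability check.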
WooCommerce 3.6.4 – CSRF Bypass to Stored XSS
WooCommerce is an open-source, completely customizable eCommerce platform for entrepreneurs worldwide. A flaw in the way WooCommerce handles imports of products results in a stored cross-site scripting vulnerability (XSS) that can be exploited through cross-site request forgery (CSRF).
Vulnerability type: Stored cross-site scripting and cross-site request forgery (CSRF)
Vulnerable version: 3.6.4
Number of sites affected: 3+ million
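The "CSRF to stored XSS" chain only works when an import endpoint accepts a request that was not initiated by the logged-in user and later prints the imported value unescaped. The block below is an added example written as a small WordPress plugin, not WooCommerce's code; it shows the vulnerable shape next to the hardened one. It assumes the WordPress runtime, and the hook, option and function names prefixed `demo_` are invented for illustration (`manage_woocommerce` is a real WooCommerce capability).

```php
<?php
// Added example, not WooCommerce code. Assumes it runs inside WordPress.

// Vulnerable shape, for contrast: no capability check, no nonce, raw output.
function demo_vulnerable_import(): void
{
    update_option('demo_last_imported_product', $_POST['product_name']);
}
function demo_vulnerable_render(): string
{
    return '<p>' . get_option('demo_last_imported_product') . '</p>';   // stored XSS
}

// Hardened handler, reached via admin-post.php?action=demo_import_products.
add_action('admin_post_demo_import_products', 'demo_handle_product_import');

function demo_handle_product_import(): void
{
    // 1. Only users allowed to manage products may import at all.
    if (!current_user_can('manage_woocommerce')) {
        wp_die('Insufficient permissions', 403);
    }
    // 2. The request must carry a nonce bound to this action and this user;
    //    a form on another site cannot obtain one, so a forged POST dies here.
    check_admin_referer('demo_import_products', 'demo_import_nonce');

    $raw = isset($_POST['product_name']) ? wp_unslash($_POST['product_name']) : '';
    // 3. Sanitise on input: strips tags, encodes stray angle brackets,
    //    removes control characters.
    $name = sanitize_text_field($raw);
    if ($name === '') {
        wp_die('Product name required', 400);
    }
    update_option('demo_last_imported_product', $name, false);

    wp_safe_redirect(admin_url('admin.php?page=demo-import&imported=1'));
    exit;
}

// 4. Escape on output regardless of what was stored: sanitisation rules change
//    over time and older rows may predate them.
function demo_render_last_import(): string
{
    $name = (string) get_option('demo_last_imported_product', '');
    return '<p>Last imported: <strong>' . esc_html($name) . '</strong></p>';
}

// The form that produces the nonce the handler checks.
function demo_render_import_form(): void
{
    echo '<form method="post" action="' . esc_url(admin_url('admin-post.php')) . '">';
    echo '<input type="hidden" name="action" value="demo_import_products">';
    wp_nonce_field('demo_import_products', 'demo_import_nonce');
    echo '<input type="text" name="product_name">';
    submit_button('Import');
    echo '</form>';
}
```

Either control on its own already breaks the chain described in the advisory: the nonce stops the cross-site request from being accepted, and output escaping stops whatever was stored from executing in an administrator's browser. Applying both is the usual practice, since each also covers the other's failure modes.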
Read more from Ripstech blog.
Other Related News
Joomla 3.4.6 ‘configuration.php’ Remote Code Execution
Joomla is an open-source content management system, based on PHP and MySQL, originally forked from Mambo.
The exploit implants a backdoor in the /configuration.php file in the root directory, using eval so that it works in all environments, although this also makes it more intrusive.
Vulnerability type: ‘configuration.php’ remote code execution
Vulnerable version: 3.4.6
Read more from hacktivesecurity.com.
WordPress sites are being hacked and infected every day. Some statistics say that about 30,000 websites are infected with some type of malware daily. Every public website is a resource available on the internet and therefore a target: as soon as your website is available to the public, it immediately becomes one.
It can take just days from a disclosed plugin vulnerability to a full-scale attack campaign. Attacks of this nature are almost always automated. To be able to fight back, you have only a small time window to take action. In such cases, web application firewalls are of critical importance.
Always keep your plugins updated. If possible, enable automatic updates. If you are using any of the mentioned plugins, you need to update to the latest version as soon as possible.
WebARX web application firewall gets virtual patches that are distributed automatically among the sites when vulnerabilities are discovered. Threat intelligence and prevention are our main focus and thus our firewall engine is updated on a daily basis.
Websites with the WebARX firewall installed are protected from the security issues mentioned in this article. If you are not yet protecting your WordPress site against plugin vulnerabilities, go and start for free here.