Security researchers have discovered critical and easily exploitable vulnerabilities in a popular WordPress plugin. Among other things, they can be exploited to upload arbitrary files to affected websites.
In their breakdown, researchers at Wordfence, which develops security products for WordPress, note that the affected plugin is installed on over 400,000 websites.
The ProfilePress plugin, formerly known as WP User Avatar, lets administrators design user profile pages and build front-end forms for user registration. It also offers content protection and user access control.
Wordfence states that an attacker could exploit the vulnerability to register as a site administrator even if the site's real administrator has disabled user registration.
Improper implementation
According to Wordfence, the ProfilePress plugin started out as a simple way to upload a user's profile picture, but was recently rewritten into its current form with new user login and registration features.
Unfortunately, the new features were not properly coded and introduced several vulnerabilities.
For example, the plugin did not prevent users from supplying arbitrary user metadata during registration. Wordfence used this to escalate a newly registered account to administrator.
The same could be done through the profile update feature. But because the registration form never checked whether the site actually had user registration enabled, an attacker did not even need to compromise an existing account and could take over the website outright.
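The two failures described above (unfiltered user metadata on registration and on profile update, plus the missing registration-enabled check) are easiest to understand side by side. The following is an added illustrative example written for this page, not ProfilePress's own code; the function names, the nonce action and the list of allowed meta keys are assumptions. What is not an assumption is how WordPress stores roles: in a usermeta row named `{$wpdb->prefix}capabilities` (`wp_capabilities` on a default install), which is why letting a form write arbitrary meta keys is equivalent to letting it assign roles.

```php
<?php
// Added illustrative code, not from ProfilePress. Function names, the
// allowed-meta list, form field names and the nonce action are assumptions.

// VULNERABLE PATTERN: every submitted field is written to usermeta. WordPress
// keeps a user's roles in the "{$wpdb->prefix}capabilities" meta key
// (wp_capabilities on a default install), so a registration request that adds
//     wp_capabilities[administrator]=1
// (PHP turns that into an array, which update_user_meta serialises for you)
// makes the brand-new account an administrator.
function example_register_vulnerable( array $post ) {
    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( $post['username'] ?? '' ),
        'user_email' => sanitize_email( $post['email'] ?? '' ),
        'user_pass'  => (string) ( $post['password'] ?? '' ),
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    // No allowlist and no users_can_register check: wp_capabilities,
    // wp_user_level, anything the client sends is persisted.
    foreach ( $post as $key => $value ) {
        update_user_meta( $user_id, $key, $value );
    }
    return $user_id;
}

// HARDENED PATTERN: honour the site's registration switch, take the role from
// the site default rather than the request, and only persist known meta keys.
function example_allowed_profile_meta() {
    return array( 'first_name', 'last_name', 'description' ); // assumed form fields
}

function example_save_profile_meta( $user_id, array $post ) {
    foreach ( example_allowed_profile_meta() as $key ) {
        if ( isset( $post[ $key ] ) && is_string( $post[ $key ] ) ) {
            update_user_meta( $user_id, $key, sanitize_text_field( wp_unslash( $post[ $key ] ) ) );
        }
    }
}

function example_register_hardened( array $post ) {
    // The check the article says was missing: respect "Anyone can register".
    if ( ! get_option( 'users_can_register' ) ) {
        return new WP_Error( 'registration_closed', 'User registration is disabled on this site.' );
    }
    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( $post['username'] ?? '' ),
        'user_email' => sanitize_email( $post['email'] ?? '' ),
        'user_pass'  => (string) ( $post['password'] ?? '' ),
        'role'       => get_option( 'default_role', 'subscriber' ), // never from the request
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    example_save_profile_meta( $user_id, $post );
    return $user_id;
}

// Profile update: same allowlist, and the actor must be logged in, pass a
// nonce, and may only edit their own profile.
function example_profile_update_hardened( array $post ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'not_logged_in', 'Login required.' );
    }
    if ( ! isset( $post['_wpnonce'] ) || ! wp_verify_nonce( $post['_wpnonce'], 'example_profile_update' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid request.' );
    }
    $user_id = get_current_user_id(); // never taken from a hidden form field
    example_save_profile_meta( $user_id, $post );
    return $user_id;
}
```

An allowlist is preferable to blocking `wp_capabilities` by name: the real key is built from `$wpdb->prefix` and differs on installs with a custom table prefix and on multisite, so a denylist is easy to get wrong. The same allowlist function serves both the registration and the profile-update path, so a fix in one place covers both of the escalation routes the article describes.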
Wordfence reported these vulnerabilities to ProfilePress around the end of May. The developer responded quickly and fixed the bugs in version 3.1.4 within a few days.
Site owners running a vulnerable version (3.0 through 3.1.3) are advised to update immediately. The installed version can be checked on the Plugins screen of the WordPress dashboard or, on the command line, with WP-CLI's `wp plugin list`.
A nasty WordPress plugin bug could allow an attacker to register as a site administrator