virusword.com-Wordpress

Brutal WordPress plugin bug allows subscribers to wipe sites

A high-severity security flaw in a WordPress plugin with more than 8,000 active installs lets authenticated attackers reset and wipe vulnerable websites.

The plugin in question, Hashthemes Demo Importer, is designed to let admins import demo content for WordPress themes with a single click, without having to install any dependencies by hand.

The security bug would allow authenticated attackers to reset WordPress sites and delete almost all database content and uploaded media.

Wordfence QA engineer and threat analyst Ram Gall explained that the plugin failed to properly perform nonce checks: the AJAX nonce was output in the admin dashboard of vulnerable sites for every logged-in user, “including low-privileged users such as subscribers.” A nonce only proves that a request originated from a page that printed it (an anti-CSRF measure); it says nothing about whether the caller is allowed to perform the action, so a nonce that every user can read offers no protection at all.

As a direct consequence of this bug, logged-in subscriber-level users could abuse it to wipe all the content on sites running unpatched versions of Hashthemes Demo Importer.

“While most vulnerabilities can have destructive effects, it would be impossible to recover a site where this vulnerability was exploited unless it had been backed up,” Gall added.

Any logged-in user could trigger the hdi_install_demo AJAX function and provide a reset parameter set to true, resulting in the plugin running its database_reset function. This function wiped the database by truncating every database table on the site except for wp_options, wp_users, and wp_usermeta. Once the database was wiped, the plugin would then run its clear_uploads function, which deleted every file and folder in wp-content/uploads. — Ram Gall
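The following is an added illustrative example, not the Hashthemes Demo Importer's own source. It reconstructs the access-control mistake described above using only WordPress core APIs, and places the hardened handler beside the vulnerable one. All hdi_example_* function names, the 'hdi_example_nonce' action string, the admin page slug and its hook suffix are assumed for the example; only the AJAX action name hdi_install_demo and the reset parameter come from the article.

```php
<?php
/**
 * Added example (not the plugin's code). Shows why "nonce check only" is an
 * authorization bug and how capability gating fixes it.
 * Assumed names: hdi_example_* functions, 'hdi_example_nonce', the
 * 'hdi-example-importer' page slug and its 'appearance_page_' hook suffix.
 */

// Destructive behaviour as described in the article: truncate every table
// except options/users/usermeta, then empty wp-content/uploads.
// Shown only so the example is complete; never run it against a live site.
function hdi_example_database_reset() {
    global $wpdb;
    $keep = array( $wpdb->options, $wpdb->users, $wpdb->usermeta );
    foreach ( $wpdb->get_col( 'SHOW TABLES' ) as $table ) {
        if ( ! in_array( $table, $keep, true ) ) {
            $wpdb->query( 'TRUNCATE TABLE `' . esc_sql( $table ) . '`' );
        }
    }
}

function hdi_example_clear_uploads() {
    $base  = wp_upload_dir()['basedir'];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $base, FilesystemIterator::SKIP_DOTS ),
        RecursiveIteratorIterator::CHILD_FIRST
    );
    foreach ( $files as $file ) {
        $file->isDir() ? rmdir( $file->getPathname() ) : unlink( $file->getPathname() );
    }
}

// Emits the AJAX URL and a fresh nonce into the page for the plugin's JS.
function hdi_example_localize_nonce() {
    wp_enqueue_script( 'hdi-example', plugins_url( 'hdi-example.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'hdi-example', 'hdiExample', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'hdi_example_nonce' ),
    ) );
}

// ---- Vulnerable pattern (kept for contrast; not hooked below) -----------
//
// If hdi_example_localize_nonce() is hooked to 'admin_enqueue_scripts'
// unconditionally, every logged-in user gets the nonce on every admin
// screen, including a Subscriber viewing their own profile page.
// The handler then trusts the nonce as if it were an authorization check:
// any logged-in user sending action=hdi_install_demo&reset=true with that
// nonce wipes the site.
function hdi_example_ajax_vulnerable() {
    check_ajax_referer( 'hdi_example_nonce', 'nonce' ); // anti-CSRF only
    if ( isset( $_POST['reset'] ) && 'true' === $_POST['reset'] ) {
        hdi_example_database_reset();
        hdi_example_clear_uploads();
    }
    wp_send_json_success();
}

// ---- Hardened pattern ---------------------------------------------------

// Only emit the nonce on the plugin's own screen (registered via
// add_theme_page(), whose hook suffix is 'appearance_page_<slug>') and only
// for users who hold the capability the handler will demand.
function hdi_example_enqueue_hardened( $hook_suffix ) {
    if ( 'appearance_page_hdi-example-importer' !== $hook_suffix || ! current_user_can( 'manage_options' ) ) {
        return;
    }
    hdi_example_localize_nonce();
}

// Authorization first, then the CSRF nonce, then strict parameter handling.
function hdi_example_ajax_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 ); // exits
    }
    check_ajax_referer( 'hdi_example_nonce', 'nonce' );
    $reset = isset( $_POST['reset'] ) ? sanitize_text_field( wp_unslash( $_POST['reset'] ) ) : '';
    if ( 'true' === $reset ) {
        hdi_example_database_reset();
        hdi_example_clear_uploads();
    }
    wp_send_json_success();
}

add_action( 'admin_menu', function () {
    add_theme_page( 'Demo Importer', 'Demo Importer', 'manage_options', 'hdi-example-importer', function () {
        echo '<div class="wrap"><h1>Demo Importer</h1></div>';
    } );
} );
add_action( 'admin_enqueue_scripts', 'hdi_example_enqueue_hardened' );
add_action( 'wp_ajax_hdi_install_demo', 'hdi_example_ajax_hardened' );
// Hooking hdi_example_localize_nonce() and hdi_example_ajax_vulnerable()
// in place of the two lines above reproduces the class of bug described.
```

The capability check inside the handler is the one that matters: restricting where the nonce is printed reduces exposure, but a nonce can always be leaked or obtained by any user who can load the page that contains it, so the wp_ajax_ callback must verify current_user_can() itself rather than relying on the nonce as proof of privilege.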

Subscriber, one of the roles that could trigger the wipe, is a default WordPress user role (alongside Contributor, Author, Editor, and Administrator) and is commonly enabled on sites that let registered users post comments.

Subscribers can normally do nothing in the dashboard beyond editing their own profile; they have no access to other admin functionality, which is exactly why a nonce printed on every admin screen ended up in their hands.

Wordfence reported the vulnerability to the plugin's development team on August 25, 2021, but the developers did not reply to the disclosure messages for almost a month.

This prompted Wordfence to reach out to the WordPress plugins team on September 20, which led to the plugin's removal from the plugin directory the same day and the release of a patch addressing the bug four days later, on September 24.

However, the developer's changelog for Hashthemes Demo Importer makes no mention of the 1.1.2 release or of the security fix it contains, so site owners running the plugin should confirm they are on version 1.1.2 or later rather than relying on the changelog.


Written by:
Abdul Wahid
Published on:
October 28, 2021

Categories: Plugins

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2023 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter