WordPress Patches 3-Year-Old High-Severity RCE Bug

  • In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software.

    WordPress released a 5.5.2 update to its ubiquitous web publishing software platform. The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack.

    In all, the WordPress Security and Maintenance Release tackled 10 security bugs and also brought a bevy of feature enhancements to the platform. WordPress said the update was a “short-cycle security and maintenance release” before the next major release, version 5.6. With the update, all versions since WordPress 3.7 will also be current.

    Of the 10 security bugs patched by WordPress, a standout flaw, rated high-severity, could be exploited to allow an unauthenticated attacker to execute remote code on systems hosting the vulnerable website.

    “The vulnerability enables a remote attacker to compromise the affected website,” WordPress wrote in its bulletin posted Friday. “The vulnerability exists due to improper management of internal resources within the application, which can turn a denial of service attack into a remote code execution issue.”

    The researcher who found the bug, Omar Ganiev, founder of DeteAct, told Threatpost that the vulnerability’s impact may be high, but the probability that an adversary could reproduce the attack in the wild is very low.

    “The attack vector is pretty intriguing, but incredibly challenging to reproduce. And even when the right conditions exist, you have to be able to deliver an extremely accurate DoS attack,” he told Threatpost in a chat-based interview.

    “The idea is to trigger the DoS on the MySQL so that WordPress will think that it’s not installed and then un-DoS on the DB under the same execution thread,” Ganiev said. The bug was discovered by Ganiev a few years ago, but he only reported it to WordPress in July 2019. The delay, he said, was to research different types of proof-of-concept exploits.

    Neither WordPress nor Ganiev believes the vulnerability has been exploited in the wild.

    Four bugs rated “medium risk” by WordPress were also patched. All of the flaws affected WordPress versions 5.5.1 and earlier. Three of the four vulnerabilities – a cross-site scripting flaw, an improper access control bug and a cross-site request forgery vulnerability – can each be exploited by a “non-authenticated user via the internet.”

    The fourth medium-severity bug, a security restriction bypass vulnerability, can be triggered only by a remote authenticated user.

    Of the medium-severity bugs, the cross-site scripting flaw is likely the most dangerous. A successful attack lets a remote attacker steal sensitive information, alter the appearance of the website, and carry out phishing and drive-by-download attacks, according to WordPress. Because of insufficient WordPress sanitization of user-supplied data to an affected site, the security release said a remote attacker “can trick the target to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable site.”
