Researchers have discovered critical privilege-escalation vulnerabilities in a WordPress plugin installed on 100,000 websites.
The three flaws in Ultimate Member were found by Wordfence's Threat Intelligence Team, which described them as "critical and severe" and "easy to exploit."
By abusing the flaws, an attacker could escalate their privileges to those of an administrator and completely take over a WordPress site.
"Once an attacker has administrative access to a WordPress site, they have effectively taken over the entire website and can perform any action, from taking the site offline to further infecting the site with malware," the researchers noted.
Ultimate Member is a free user profile plugin used to build online communities and membership websites with WordPress. It lets site owners create custom roles and manage the privileges of site users.
"We discovered that the user registration form lacked some checks on submitted user data," the researchers wrote.
"This oversight made it possible for an attacker to supply arbitrary user meta keys during the registration process that would update those meta keys in the database."
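How an oversight of that kind turns into administrator access, and what the fixed handler has to do differently, is easier to see in code. The snippet below is an added illustration of the bug class, not Ultimate Member's source and not code from the Wordfence report. It assumes WordPress's update_user_meta() and sanitize_*() functions when run inside WordPress; the filter function itself is plain PHP. In WordPress, a user's roles live in the user meta key {table prefix}capabilities (normally wp_capabilities), so a registration form that stores whatever keys it receives lets the new account assign itself the administrator role.

```php
<?php
// Illustrative code (not the plugin's own): a registration handler that stores
// every submitted key as user meta, beside a hardened version with an allowlist.

// VULNERABLE: each submitted form key becomes a user meta key. A request that
// includes wp_capabilities (the key WordPress reads to decide a user's roles)
// or wp_user_level makes the freshly registered account an administrator.
function vulnerable_save_registration_meta( int $user_id, array $submitted ): void {
    foreach ( $submitted as $key => $value ) {
        update_user_meta( $user_id, $key, $value );
    }
}

// HARDENED: only the fields the form actually defines are accepted (assumed
// field names), keys WordPress uses for authorization are refused outright,
// and values are sanitized before storage.
const REGISTRATION_FIELDS = [
    'first_name'  => 'sanitize_text_field',
    'last_name'   => 'sanitize_text_field',
    'description' => 'sanitize_textarea_field',
];

// Meta keys that must never be writable from a registration form. The table
// prefix is usually wp_ but is configurable, so match on the suffix instead.
const PROTECTED_META_SUFFIXES = [ 'capabilities', 'user_level' ];

function is_protected_meta_key( string $key ): bool {
    foreach ( PROTECTED_META_SUFFIXES as $suffix ) {
        if ( substr( $key, -strlen( $suffix ) ) === $suffix ) {
            return true;
        }
    }
    return false;
}

// Returns the subset of $submitted that may be stored, already sanitized.
// Pure PHP, so it can be unit-tested without a WordPress install; outside
// WordPress the named sanitizers do not exist and values pass through unchanged.
function filter_registration_meta( array $submitted, array $allowed ): array {
    $clean = [];
    foreach ( $allowed as $key => $sanitizer ) {
        if ( ! array_key_exists( $key, $submitted ) || is_protected_meta_key( $key ) ) {
            continue;
        }
        $value = $submitted[ $key ];
        if ( ! is_string( $value ) ) { // nested arrays are never valid form text
            continue;
        }
        $clean[ $key ] = is_callable( $sanitizer ) ? $sanitizer( $value ) : $value;
    }
    return $clean;
}

function hardened_save_registration_meta( int $user_id, array $submitted ): void {
    foreach ( filter_registration_meta( $submitted, REGISTRATION_FIELDS ) as $key => $value ) {
        update_user_meta( $user_id, $key, $value );
    }
}

// Constructed request body, the shape a hostile registration would have:
// PHP parses wp_capabilities[administrator]=1 into the nested array below.
$attacker_post = [
    'first_name'      => 'Alice',
    'wp_capabilities' => [ 'administrator' => true ],
    'wp_user_level'   => '10',
];

// The vulnerable handler would write all three keys; the filter keeps only first_name.
var_dump( filter_registration_meta( $attacker_post, REGISTRATION_FIELDS ) );
```

The allowlist is the real fix; the suffix denylist is belt-and-braces for the two keys that matter most. After updating a site that ran a vulnerable version, it is worth listing administrator accounts with WP-CLI (`wp user list --role=administrator`) and checking each one is expected, since an escalated account survives the patch.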
Researchers found the first flaw on October 19, 2020, and reached out to the plugin's developer on October 23.
"After establishing an appropriate communication channel, we provided the full disclosure details on October 26, 2020," the researchers reported.
The developer acted quickly, sending Wordfence a copy of the first intended patch for testing on October 26.
"We confirmed the patch fixed one of the vulnerabilities; however, two still remained," the researchers said.
The remaining flaws were fixed in an updated copy supplied by the developers to Wordfence a few days later. A patched version of Ultimate Member, 2.1.12, was released on October 29, 2020. Sites still running an earlier version should update to 2.1.12 or later and, since the flaws allow an attacker to gain administrator rights, review their administrator accounts for any they do not recognize.
"The privilege escalation vulnerabilities found in the WordPress Ultimate Member plugin show the ongoing risks of plugins to any web application, making them a regular target for attackers. Just one compromised third-party plugin can infect tens of thousands of websites in one stroke," commented Ameet Naik, security evangelist at PerimeterX.
"Organizations must understand the risks posed by third-party WordPress plugins and must secure their sites using web application firewalls, as well as client-side visibility solutions that can reveal the presence of malicious code on their websites."