Several Critical Flaws Identified in WordPress Plugin

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Wordfence researchers warned of multiple flaws in a popular WordPress plugin that allows an attacker to upload arbitrary files to a vulnerable site to achieve remote code execution (RCE). On May 27, researchers discovered four security vulnerabilities, which were all assigned a high CVSS score of 9.8. 

The first issue discovered was a privilege escalation flaw CVE-2021-34621. “During user registration, users could supply arbitrary user metadata that would get updated during the registration process. This included the wp_capabilities user meta that controls a user’s capabilities and role. This made it possible for a user to supply wp_capabilities as an array parameter while registering, which would grant them the supplied capabilities, allowing them to set their role to any role they wanted, including the administrator,” researchers explained.

In addition, there was no check to validate that user registration was enabled on the site, meaning users could register as an administrator even on sites where user registration was disabled. This meant that attackers could completely take charge of a susceptible WordPress site. 

CVE-2021-34622, the second flaw in the user profile update functionality, uses the same technique as above but requires an attacker to have an account on a vulnerable site for the exploit to work. 

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: Several Critical Flaws Identified in WordPress Plugin

Liked it? Take a second to support IT Security News on Patreon!
Become a patron at Patreon!