SIMonline


Vulnerability of WP Cost Assessment Plugin, Crash for WordPress Sites

Attackers can compromise WordPress sites using vulnerabilities in a fairly popular plugin called WP Cost Assessment & Payment Forms Builder.





The plugin, developed by Loopus, allows WordPress site administrators to create cost calculators and payment forms. It is offered on CodeCanyon for $28 and has been purchased there almost 12,000 times.

Defiant, the developer of the Wordfence security plugin for WordPress websites, said on Wednesday that it had detected attacks that exploit vulnerabilities in WP Cost Assessment & Payment Forms Builder to install backdoors on websites.

The targeted flaws were fixed by the developer several months ago, but because no security warning was issued, many users did not install the updates and left their sites vulnerable to attack.

According to Wordfence researchers, cybercriminals exploit two vulnerabilities related to uploading and deleting files.

WP Cost usually prevents users from uploading dangerous file types to the server, but a flaw in the plugin allows them to upload malicious PHP files with a harmless-looking extension.

The second flaw allows attackers to delete arbitrary files. In the attacks detected by Wordfence, they deleted the wp-config.php file. With no database configuration present, WordPress assumes that a new installation is taking place, which allows the attacker to connect the site to their own database and log in as an administrator.

Although either vulnerability should allow attackers to achieve the same goal, both security holes were used in attacks aimed at the same site, which led experts to believe that the file upload exploit did not give the expected result.

CodeCanyon discussions show that several users reported that their sites were hacked through this plugin. Some messages exchanged between the developer and users of WP Cost Assessment about 4 months ago suggest that at some point the flaws could have had zero-day status, meaning attackers exploited the vulnerabilities before the developer knew they existed.

While examining the effectiveness of the patches released for these vulnerabilities, Wordfence researchers discovered another potentially serious flaw: a directory traversal problem on upload, which can be used to overwrite any file of a whitelisted type (jpg, bmp, zip, etc.).

“Even with a whitelist allowing only images and archives to be uploaded, an attacker can cause serious exploit problems. Any image on the site can be overwritten. If any backups are stored in an accessible place in the zip archive, the attacker can replace this backup with his own infected version, which contains new users in the database or backdoors buried in other places of the file structure. When the backup is restored (perhaps after a mysterious case of overwritten images), these backdoors will be deployed,” the researchers explained.

Wordfence researchers reported this flaw to Loopus on January 26, and a patch was released a few days later.
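The point of the traversal finding, shown as a defender-side check (an added example, not the plugin's code or its patch): an extension whitelist alone accepts a name that resolves outside the upload directory, while a containment check on the resolved path rejects it. The function names, the directory layout and the refuse-to-overwrite policy are assumptions made for illustration, and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

ALLOWED_EXT = {".jpg", ".bmp", ".zip"}  # whitelisted types named in the article


def whitelist_only(filename: str) -> bool:
    """Weak check: accepts anything whose extension is on the whitelist."""
    return Path(filename).suffix.lower() in ALLOWED_EXT


def safe_upload_path(upload_root: str, filename: str) -> Path:
    """Hardened check: whitelist + containment in upload_root + no overwrite."""
    if not whitelist_only(filename):
        raise ValueError("extension not on whitelist")
    root = Path(upload_root).resolve()
    # resolve() collapses "../" and follows symlinks before we compare.
    dest = (root / filename).resolve()
    if os.path.commonpath([str(root), str(dest)]) != str(root):
        raise ValueError("destination escapes the upload directory")
    if dest.exists():
        raise ValueError("refusing to overwrite an existing file")
    return dest


def demo() -> dict:
    """Run both checks over constructed names in a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as site:
        uploads = Path(site, "uploads")
        backups = Path(site, "backups")
        uploads.mkdir()
        backups.mkdir()
        (backups / "site.zip").write_bytes(b"constructed backup")
        (uploads / "logo.jpg").write_bytes(b"constructed image")
        for name in ("new.jpg", "../backups/site.zip", "logo.jpg", "shell.php"):
            try:
                safe_upload_path(str(uploads), name)
                verdict = "accepted"
            except ValueError as err:
                verdict = str(err)
            results[name] = (whitelist_only(name), verdict)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```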

Attackers often use recently fixed bugs or zero-day flaws in plugins to target WordPress sites. Recently discovered attacks involved the AMP for WP, WordPress GDPR Compliance, and Total Donations plugins.

