Vulnerabilities Affect 100,000 Sites Using WordPress Plugin

Researchers have discovered critical privilege-escalation vulnerabilities in a WordPress plugin installed on more than 100,000 websites.

The three flaws in Ultimate Member were detected by Wordfence's Threat Intelligence Team, which described them as “critical and severe” and “easy to exploit.”

By abusing the flaws, an attacker with nothing more than the ability to register an account could escalate their privileges to those of an administrator and completely take over a WordPress site.

“Once an attacker has administrative access to a WordPress site, they have effectively taken over the entire site and can perform any action, from taking the site offline to further infecting the site with malware,” noted researchers.

Ultimate Member is a free user profile plugin used to build online communities and membership sites with WordPress. It allows site owners to create custom roles and manage the privileges of site members.

“We discovered that the user registration form lacked some checks on submitted user data,” wrote researchers.

“This oversight made it possible for an attacker to supply arbitrary user meta keys during the registration process that would update those meta keys in the database.”
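The quoted oversight is the familiar "mass assignment" pattern in a WordPress context. WordPress keeps a user's role in user meta, under the key `wp_capabilities` (where `wp_` is the site's table prefix), as a serialized array such as `a:1:{s:13:"administrator";b:1;}`, alongside the legacy `wp_user_level` key. A registration handler that copies every submitted field into user meta therefore lets the registrant pick their own role. The PHP below is an added illustration of that pattern beside a hardened form; it is not Ultimate Member's code, not Wordfence's proof of concept, and it replaces the WordPress meta API with a small in-memory store (an assumption made so that it runs stand-alone with plain `php`). The attacker request, the allowlist and the helper names are constructed for the example.

```php
<?php
// Added illustrative example: a registration handler that writes arbitrary
// user-meta keys (the bug class described above) next to a hardened version.
// Not the plugin's own code. WordPress's update_user_meta()/get_user_meta()
// are replaced by an in-memory store so the script runs without WordPress.

$user_meta = [];

function update_user_meta(int $user_id, string $key, $value): void {
    global $user_meta;
    $user_meta[$user_id][$key] = $value;
}

function get_user_meta(int $user_id, string $key) {
    global $user_meta;
    return $user_meta[$user_id][$key] ?? null;
}

// Vulnerable pattern: every submitted field becomes a user-meta key, so the
// registrant can write wp_capabilities and wp_user_level for themselves.
function register_user_vulnerable(int $user_id, array $post): void {
    foreach ($post as $key => $value) {
        update_user_meta($user_id, $key, $value);
    }
}

// Hardened pattern: only an explicit allowlist of profile fields is written,
// and keys that control privileges are refused even if someone later adds
// them to the allowlist by mistake. Both lists are assumptions of this example.
const ALLOWED_PROFILE_KEYS = ['first_name', 'last_name', 'description'];
const DB_PREFIX = 'wp_'; // $wpdb->prefix on a real site

function is_privilege_meta_key(string $key): bool {
    // Anything carrying the table prefix (wp_capabilities, wp_user_level, ...)
    // belongs to WordPress core, never to a public registration form.
    return strncmp($key, DB_PREFIX, strlen(DB_PREFIX)) === 0
        || in_array($key, ['capabilities', 'user_level', 'role'], true);
}

// Returns the list of submitted keys that were refused.
function register_user_hardened(int $user_id, array $post): array {
    $rejected = [];
    foreach ($post as $key => $value) {
        $key = (string) $key;
        if (!in_array($key, ALLOWED_PROFILE_KEYS, true) || is_privilege_meta_key($key)) {
            $rejected[] = $key;
            continue;
        }
        // Profile fields are plain text; strip markup and surrounding space.
        update_user_meta($user_id, $key, trim(strip_tags((string) $value)));
    }
    return $rejected;
}

// Constructed attacker request: an ordinary signup with two extra fields.
// As an HTTP body this is first_name=Eve&wp_capabilities[administrator]=1&wp_user_level=10
$attacker_post = [
    'first_name'      => 'Eve',
    'wp_capabilities' => ['administrator' => true],
    'wp_user_level'   => 10,
];

register_user_vulnerable(1, $attacker_post);
$role_written = get_user_meta(1, 'wp_capabilities') !== null;
echo "vulnerable handler: role meta written by registrant? "
    . ($role_written ? "yes (account is an administrator)" : "no") . "\n";

$rejected = register_user_hardened(2, $attacker_post);
$role_blocked = get_user_meta(2, 'wp_capabilities') === null
    && get_user_meta(2, 'wp_user_level') === null;
echo "hardened handler: role meta blocked? " . ($role_blocked ? "yes" : "no")
    . "; rejected keys: " . implode(', ', $rejected) . "\n";

if (!$role_written || !$role_blocked) {
    throw new RuntimeException('example did not behave as described');
}
```

Run it with `php example.php`. The practical check on a real site is the same one the script performs: register a throwaway account through the plugin's form with an extra `wp_capabilities[administrator]=1` parameter and confirm that the new user's row in `wp_usermeta` still holds the subscriber role. Sites that cannot update immediately should at least disable public registration until they are on 2.1.12 or later.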

Researchers found the first flaw on October 19, 2020, and contacted the plugin's developer on October 23.

“After establishing an appropriate communication channel, we provided the full disclosure details on October 26, 2020,” said researchers.

The developer acted swiftly, sending Wordfence a copy of the first intended patch for testing on October 26.

“We confirmed the patch fixed one of the vulnerabilities, however, two still remained,” said researchers.

The remaining flaws were fixed in an updated build that the developers provided to Wordfence three days later. The patched version of Ultimate Member, 2.1.12, was released on October 29, 2020; site owners should update to that version or later.

“The privilege escalation vulnerabilities found in the WordPress Ultimate Member plugin demonstrate the continued risks of plugins to any web application, making them a regular target for attackers. Just one compromised third-party plugin can infect tens of thousands of websites in one stroke,” commented Ameet Naik, security evangelist at PerimeterX.

“Businesses must understand the risks imposed by third-party WordPress plugins and must secure their websites using web application firewalls, as well as client-side visibility solutions that can reveal the presence of malicious code on their sites.”


We’re Synium IT, how can we help?

Our aim is to become a seamless and invaluable part of your team – so you can be sure of exceptional service and a proactive, friendly and jargon-free approach to IT.

Synium IT provides the full range of IT support services to organisations throughout the West Midlands. Our approach is to deliver the very best IT support services to our clients at great value for money, with no contract tie-in, allowing you to experience the benefits of your own IT support partner without any risk.

Contact us today on 0121 663 0203 to find out more about how we can help.


News Source: https://www.infosecurity-magazine.com/
