Researchers have disclosed several vulnerabilities in WordPress plug-ins. If these vulnerabilities are successfully exploited, an attacker can run arbitrary code and take over the website under certain circumstances.
The defects were found in Elementor (a website builder plug-in used on more than 7 million websites) and WP Super Cache (a tool for caching pages of WordPress websites).
According to Guo Shenghua, an internationally renowned white hat hacker and founder of Oriental Alliance, the Elementor issue is a set of stored cross-site scripting (XSS) vulnerabilities (CVSS score: 6.4), which occur when malicious scripts are injected directly into vulnerable web applications.
In this case, because HTML tags are not validated on the server side, bad actors can use these flaws to add executable JavaScript to posts or pages through crafted requests.
Guo Shenghua said in a technical article: "Since posts created by contributors are usually reviewed by editors or administrators before publishing, any JavaScript added to one of the posts will be executed in the reviewer's browser. If an administrator reviews a post containing malicious JavaScript, he or she can use his or her authenticated session with high-level privileges to create a new malicious administrator, or add a backdoor to the website. An attack on this vulnerability may lead to the website being taken over."
Multiple HTML elements (such as title, column, accordion, icon box and image box) were found to be vulnerable to stored XSS attacks, so that any user who can access the Elementor editor can add executable JavaScript.
Because these flaws rely on dynamic data entered in a template being able to carry malicious scripts designed to launch XSS attacks, they can be prevented by validating the input and escaping the output data, so that HTML tags supplied as input are rendered harmless.
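The following is an added example, not code from Elementor or from the original article, showing the validate-input and escape-output pattern described above. It assumes a hypothetical heading widget whose wrapping tag and title are read from saved editor settings; all function names and sample data are constructed for illustration.

```php
<?php
// Hypothetical heading widget: the tag and title come from saved editor settings.
// Not Elementor's code; names and sample data are constructed for illustration.

const ALLOWED_TAGS = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'div', 'span', 'p'];

// Before: the tag name and the title are echoed exactly as they were stored.
function render_heading_unsafe(array $settings): string
{
    return sprintf('<%1$s>%2$s</%1$s>', $settings['tag'], $settings['title']);
}

// Validate input: accept only a known tag name, otherwise fall back to a default.
function validate_tag(string $tag, string $default = 'h2'): string
{
    $tag = strtolower(trim($tag));
    return in_array($tag, ALLOWED_TAGS, true) ? $tag : $default;
}

// After: allow-listed tag, and the title escaped for an HTML text context.
function render_heading_safe(array $settings): string
{
    $tag   = validate_tag((string) ($settings['tag'] ?? ''));
    $title = htmlspecialchars(
        (string) ($settings['title'] ?? ''),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return sprintf('<%1$s>%2$s</%1$s>', $tag, $title);
}

// Constructed settings, as they might be stored after an editor save request.
$samples = [
    ['tag' => 'h3',     'title' => 'Quarterly update'],
    ['tag' => 'script', 'title' => 'alert(1)'],
    ['tag' => 'h2',     'title' => '<img src=x onerror=alert(1)>'],
];

foreach ($samples as $s) {
    echo 'stored : ', json_encode($s), PHP_EOL;
    echo 'unsafe : ', render_heading_unsafe($s), PHP_EOL;
    echo 'safe   : ', render_heading_safe($s), PHP_EOL, PHP_EOL;
}
```

Inside WordPress, `esc_html()` fills the role that `htmlspecialchars()` plays here.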
In addition, an authenticated remote code execution (RCE) vulnerability was found in WP Super Cache, which may allow attackers to upload and execute malicious code in order to gain control over the site. It is reported that the plug-in has been used on more than 2 million WordPress websites.
After responsible disclosure on February 23, Elementor fixed the problem in version 3.1.4, released on March 8, by strengthening the "option to allow better security policy implementation in the editor". Similarly, Automattic, the developer behind WP Super Cache, said that it solved the problem of "setting authenticated RCE in the page" in version 1.7.2.
It is strongly recommended that users of these plug-ins update to the latest version to mitigate the risks associated with the vulnerabilities.