{"id":218,"date":"2015-08-28T17:27:30","date_gmt":"2015-08-28T17:27:30","guid":{"rendered":"http:\/\/www.ahosting.net\/blog\/?p=218"},"modified":"2015-08-28T17:27:30","modified_gmt":"2015-08-28T17:27:30","slug":"more-wordpress-plugin-vulnerabilities-have-surfaced-heres-what-you-need-to-know","status":"publish","type":"post","link":"https:\/\/www.ahosting.net\/blog\/more-wordpress-plugin-vulnerabilities-have-surfaced-heres-what-you-need-to-know\/","title":{"rendered":"More WordPress Plugin Vulnerabilities Have Surfaced &#8211; Here&#8217;s What You Need To Know"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">We\u2019ve said it before, and we\u2019ll say it again. Even though WordPress is one of the most frequently-targeted platforms for cybercriminals; even though it seems like there\u2019s a new vulnerability connected to the platform every week, WordPress itself is not particularly insecure. It\u2019s popular, and its plugin architecture is incredibly open. <\/span><!--more--><\/p>\n<p><span style=\"font-weight: 400;\">Because of that openness &#8211; and because anyone can develop a plugin for the CMS &#8211; we see vulnerabilities pop up more frequently than we would with closed platforms. I\u2019d like you to keep that in mind as we go over the latest crop to surface. There are four in total &#8211; three XSS vulnerabilities and an SQL exploit; all uncovered by the same security firm.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We\u2019ll start with the three XSS vulnerabilities. 
<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The first is <\/span><a href=\"https:\/\/security.dxw.com\/advisories\/stored-xss-in-iframe-allows-less-privileged-users-to-do-almost-anything-an-admin-can\/\"><span style=\"font-weight: 400;\">a stored vulnerability<\/span><\/a><span style=\"font-weight: 400;\"> connected to version 3.0 of the <\/span><a href=\"https:\/\/wordpress.org\/plugins\/iframe\/\"><span style=\"font-weight: 400;\">iframe plugin<\/span><\/a><span style=\"font-weight: 400;\">. According to researcher Tom Adams, this cross-site-scripting bug allows users without the \u201cunfiltered_html\u201d capability to inject pages with arbitrary HTML. Naturally, this means it can easily be used to execute malicious code on a targeted website, gaining access to highly sensitive information.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The second &#8211; also tied to WordPress\u2019s iframe plugin &#8211; is <\/span><a href=\"https:\/\/security.dxw.com\/advisories\/reflected-xss-in-iframe-allows-unauthenticated-users-to-do-almost-anything-an-admin-can\/\"><span style=\"font-weight: 400;\">a reflected vulnerability<\/span><\/a><span style=\"font-weight: 400;\"> which exploits \u201cget_params_from_url.\u201d All that\u2019s necessary for this one is for the argument to be present in the iframe shortcode &#8211; the hacker can do the rest. Now, given that both vulnerabilities have been circulating for a few days now, they should be patched, right?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Well&#8230;yes and no. Although version 4.0 of iframes <\/span><b>does <\/b><span style=\"font-weight: 400;\">address the reflected vulnerability, according to Adams, the developer has failed to patch every vector through which the stored vulnerability might be exploited. 
What this means, in essence, is that until a new version of iframes comes out, it\u2019s still unsafe to use.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThe vendor has released version 4.0 in which onload is disabled, but the other \u2018event\u2019 attributes are still permitted, including onpageshow,\u201d Adams explains. \u201cA number of these event attributes could still be used to execute this attack, so this issue is not resolved.\u201d <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The<\/span><a href=\"https:\/\/security.dxw.com\/advisories\/xss-in-google-analytics-by-yoast-premium-by-privileged-users\/\"><span style=\"font-weight: 400;\"> last of the three vulnerabilities<\/span><\/a><span style=\"font-weight: 400;\"> impacts <\/span><a href=\"https:\/\/yoast.com\/wordpress\/plugins\/google-analytics\/\"><span style=\"font-weight: 400;\">Yoast\u2019s Google Analytics Plugin<\/span><\/a><span style=\"font-weight: 400;\">. Unlike the other two, this one\u2019s tied directly to user permissions &#8211; but it\u2019s also obscure enough to be considered the least severe of the three. With this vulnerability, a user with the \u201cmanage_options\u201d capability but without the \u201cunfiltered_html\u201d capability is able to inject admin pages with arbitrary JavaScript. The fix for this one, then, is pretty easy: just make sure everyone has the unfiltered_html capability.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Finally, social networking plugin <\/span><a href=\"http:\/\/www.wpsymposium.com\/\"><span style=\"font-weight: 400;\">Symposium<\/span><\/a><span style=\"font-weight: 400;\"> is afflicted with a <\/span><a href=\"https:\/\/security.dxw.com\/advisories\/blind-sql-injection-in-wp-symposium-allows-unauthenticated-attackers-to-access-sensitive-data\/\"><span style=\"font-weight: 400;\">Blind SQL Injection bug<\/span><\/a><span style=\"font-weight: 400;\">, affecting all versions of the tool prior to 15.8. 
Like most SQL injections, this bug allows an attacker to hijack the plugin and gain information from a site\u2019s database, including password hashes and usernames. To mitigate the bug, it\u2019s recommended that all users upgrade to version 15.8. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">As long as WordPress continues to be the most popular content management system on the web, we\u2019re going to continue seeing vulnerabilities &#8211; the majority of them related to the CMS\u2019s plugins. Don\u2019t think less of the platform for that, though. If it wasn\u2019t WordPress, there\u2019d be another CMS in the exact same boat.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">All you can do is make sure you patch your plugins whenever possible &#8211; after all, the benefits of WordPress far outweigh its (admittedly minor) risks.<\/span><\/p>\n<p>Image: Flickr\/<a href=\"https:\/\/www.flickr.com\/photos\/mkhmarketing\/8469030267\/sizes\/c\/\">mkhmarketing<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve said it before, and we\u2019ll say it again. Even though WordPress is one of the most frequently-targeted platforms for cybercriminals; even though it seems like there\u2019s a new vulnerability connected to the platform every week, WordPress itself is not particularly insecure. 
It\u2019s popular, and its plugin architecture is incredibly open.<\/p>\n","protected":false},"author":2,"featured_media":219,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-218","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/comments?post=218"}],"version-history":[{"count":1,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/218\/revisions"}],"predecessor-version":[{"id":220,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/218\/revisions\/220"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/media\/219"}],"wp:attachment":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/media?parent=218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/categories?post=218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/tags?post=218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}