Thursday, October 3, 2024
HomeCyber AttackDiscontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

Published on

A critical vulnerability was discovered in two plugins developed by miniOrange.

The affected plugins, miniOrange’s Malware Scanner and Web Application Firewall, contained a severe privilege escalation flaw that could allow unauthenticated attackers to gain administrative access to WordPress sites.

This discovery underscores website administrators’ ongoing risks and challenges in securing their digital assets against sophisticated cyber threats.

- Advertisement - EHA

CVE-2024-2172: A Critical Vulnerability

The core of the issue lies in a privilege escalation vulnerability identified under the CVE ID CVE-2024-2172. It has a CVSS score of 9.8, indicating a critical level of severity.

Document

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

This flaw was present in versions up to and including 4.7.2 of the Malware Scanner plugin and 2.1.1 of the Web Application Firewall plugin.

The vulnerability allowed unauthenticated individuals to escalate their privileges to that of an administrator by updating the user password through a missing capability check in the mo_wpns_init() function.

Discovery and Response

The vulnerability was discovered by a researcher named Stiofan, who reported it through the Wordfence Bug Bounty Program during their second Bug Bounty Extravaganza on March 1, 2024.

Wordfence, a leading provider of WordPress security solutions, confirmed the flaw and identified that it also affected the miniOrange’s Web Application Firewall plugin.

In recognition of the discovery, Stiofan was awarded a bounty of $1,250.00.

Wordfence acted swiftly to mitigate the risk posed by this vulnerability.

On March 4, 2024, Premium, Care, and Response users of Wordfence received a firewall rule to protect against exploits targeting this flaw.

Users of the accessible version of Wordfence were scheduled to receive the same protection on April 3, 2024.

Upon notification of the vulnerability, miniOrange responded by permanently closing the affected plugins on March 7, 2024, leaving no patch or update available for users.

This drastic measure highlights the severity of the vulnerability and the potential risks to WordPress sites if left unaddressed.

This incident is a stark reminder of the importance of maintaining up-to-date security measures for WordPress sites.

Website administrators are urged to delete the affected miniOrange plugins from their sites immediately and seek alternative solutions to ensure their digital assets remain secure.

Collaborative Efforts in Cybersecurity

The discovery and resolution of this vulnerability demonstrate the critical role of bug bounty programs and collaborative efforts between security researchers and plugin developers in identifying and mitigating security risks.

The Wordfence Bug Bounty Program, in particular, has proven invaluable in securing the WordPress ecosystem by encouraging researchers to report vulnerabilities responsibly.

The discontinuation of miniOrange’s Malware Scanner and Web Application Firewall plugins after discovering a critical privilege escalation vulnerability is a cautionary tale for the WordPress community.

It underscores the need for continuous vigilance, timely updates, and collaborative security efforts to protect against the ever-evolving landscape of cyber threats.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats

ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify...

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

Tor Browser 13.5.6 Released – What’s New!

The Tor Project has announced the release of Tor Browser 13.5.6, which is now...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

Tor Browser 13.5.6 Released – What’s New!

The Tor Project has announced the release of Tor Browser 13.5.6, which is now...