Thursday, January 23, 2025
HomeCyber Security NewsWordPress POP Chain Flaw Exposes Over 800M+ Websites to Attack

WordPress POP Chain Flaw Exposes Over 800M+ Websites to Attack

Published on

SIEM as a Service

Follow Us on Google News

A critical remote code execution vulnerability has been patched as part of the WordPress 6.4.2 version.

This vulnerability exists in the POP chain introduced in version 6.4, which can be combined with a separate Object Injection, resulting in the execution of arbitrary PHP code on the website.

There was no CVE assigned for this vulnerability. However, WordPress urges its users to upgrade to this latest version to prevent full site takeover attacks in case another vulnerability exists.

WordPress POP Chain Flaw

This vulnerability exists in the WP_HTML_Token class, which is used to improve HTML parsing in the block editor.

This class contains a __destruct method that gets executed automatically when the PHP has processed the request. It also uses call_user_func to execute the function passed to the on_destroy property. 

A threat actor can take full control over the on_destroy and bookmark_name properties by exploiting an Object Injection vulnerability and executing arbitrary code on the website.

public function __wakeup() {
  throw new \LogicException( __CLASS__ . ‘ should never be unserialized’ );
}
Source: WordPress

Moreover, there is a potential POP chain in the WordPress core that can increase the risk of any Object Injection vulnerabilities. However, the current version of WordPress’ newly added __wakeup method uses a serialized object with the WP_HTML_Token class that prevents the __destruct function from executing. 

A complete report about this vulnerability has been published by Wordfence, which provides detailed information about the source code, analysis, and other information. 

Users of WordPress are recommended to upgrade to the latest version 6.4.2, to prevent this vulnerability from getting exploited by threat actors.

To install the latest version of WordPress, a complete guide with a step-by-step procedure has also been provided.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...