Friday, November 1, 2024
HomeCVE/vulnerabilityWordPress Team Secretly Fixed A Zero-Day Critical Content Injection Vulnerability

WordPress Team Secretly Fixed A Zero-Day Critical Content Injection Vulnerability

Published on

Malware protection

The WordPress security team revealed that they’ve secretly fixed a zero-day vulnerability in the WordPress CMS REST API.The vulnerability in this case would allow for content injection as well as privilege escalation .

This vulnerability allows an unauthenticated user to “modify the content of any post or page within a WordPress site”

Sucuri, the company that discovered the issue worked closely with WordPress and help them to patch this vulnerability .

- Advertisement - SIEM as a Service

WordPress has been revealed and Released The revised WordPress 4.7.2 security log now also mentions “an unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint,” discovered by Sucuri researcher Marc-Alexandre Montpas.

Sucuri Explained in Blog  We disclosed the vulnerability to the WordPress Security Team who handled it extremely well.They worked closely with us to coordinate the disclosure timeline and get as many hosts and security providers aware and patched before this became public

“A fix for this was silently included on version 4.7.2 along with other less severe issues. This was done intentionally to give everyone time to patch. We are now disclosing the details because we feel there has been enough time for most WordPress users to update their sites.”

No zero-day exploitation attempts detected

WordPress team confirmed that the security team had indeed patched a secret flaw without telling its users.

Campbell also confirmed WordPress’ and Sucuri’s efforts to notify major WordPress hosting providers and web security firms of the zero-day.

Thankfully, no attempts to exploit the vulnerability have been detected, neither by Sucuri’s web firewall, or one from other providers.

Most of the hosts we worked with had protections in place. Data from all four WAFs and WordPress hosts showed “no indication that the vulnerability had been exploited in the wild.”

As a result, we made the decision to delay disclosure of this particular issue to give time for automatic updates to run and ensure as many users as possible were protected before the issue was made public.

Are you at risk  ? From the Sucuri,

  1. This privilege escalation vulnerability affects the WordPress REST API that was recently added and enabled by default on WordPress 4.7.0.
  2. One of these REST endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a subtle bug allows visitors to edit any post on the site.
  3. The REST API is enabled by default on all sites using WordPress 4.7.0 or 4.7.1. If your website is on these versions of WordPress then it is currently vulnerable to this bug.

Content injection attack

Content injection attack refers to inserting malicious content into a legitimate site.

In addition to deceptive actions such as redirecting to other sites, malicious content can install crimeware on a user’s computer through a web browser vulnerability or by social engineering, such as asking a user to download and install anti-virus software that actually contains crimeware.

There are three primary classes of content injection attacks, each of which has many possible variations:

  • Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
  • Crimeware can be inserted into a site through a cross-site scripting vulnerability.
  • Malicious actions can be performed on a site through an SQL injection vulnerability.

Also Read :

 

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to...

SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows

Open Policy Agent (OPA) recently patched a critical vulnerability that could have exposed NTLM...

Vulnerabilities in Realtek SD Card Reader Driver Impacts Dell, Lenovo, & Others Laptops

Multiple vulnerabilities have been discovered in the Realtek SD card reader driver, RtsPer.sys, affecting...