Monday, December 4, 2023

WordPress Team Secretly Fixed A Zero-Day Critical Content Injection Vulnerability

The WordPress security team revealed that they’ve secretly fixed a zero-day vulnerability in the WordPress CMS REST API.The vulnerability in this case would allow for content injection as well as privilege escalation .

This vulnerability allows an unauthenticated user to “modify the content of any post or page within a WordPress site”

Sucuri, the company that discovered the issue worked closely with WordPress and help them to patch this vulnerability .

WordPress has been revealed and Released The revised WordPress 4.7.2 security log now also mentions “an unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint,” discovered by Sucuri researcher Marc-Alexandre Montpas.

Sucuri Explained in Blog  We disclosed the vulnerability to the WordPress Security Team who handled it extremely well.They worked closely with us to coordinate the disclosure timeline and get as many hosts and security providers aware and patched before this became public

“A fix for this was silently included on version 4.7.2 along with other less severe issues. This was done intentionally to give everyone time to patch. We are now disclosing the details because we feel there has been enough time for most WordPress users to update their sites.”

No zero-day exploitation attempts detected

WordPress team confirmed that the security team had indeed patched a secret flaw without telling its users.

Campbell also confirmed WordPress’ and Sucuri’s efforts to notify major WordPress hosting providers and web security firms of the zero-day.

Thankfully, no attempts to exploit the vulnerability have been detected, neither by Sucuri’s web firewall, or one from other providers.

Most of the hosts we worked with had protections in place. Data from all four WAFs and WordPress hosts showed “no indication that the vulnerability had been exploited in the wild.”

As a result, we made the decision to delay disclosure of this particular issue to give time for automatic updates to run and ensure as many users as possible were protected before the issue was made public.

Are you at risk  ? From the Sucuri,

  1. This privilege escalation vulnerability affects the WordPress REST API that was recently added and enabled by default on WordPress 4.7.0.
  2. One of these REST endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a subtle bug allows visitors to edit any post on the site.
  3. The REST API is enabled by default on all sites using WordPress 4.7.0 or 4.7.1. If your website is on these versions of WordPress then it is currently vulnerable to this bug.

Content injection attack

Content injection attack refers to inserting malicious content into a legitimate site.

In addition to deceptive actions such as redirecting to other sites, malicious content can install crimeware on a user’s computer through a web browser vulnerability or by social engineering, such as asking a user to download and install anti-virus software that actually contains crimeware.

There are three primary classes of content injection attacks, each of which has many possible variations:

  • Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
  • Crimeware can be inserted into a site through a cross-site scripting vulnerability.
  • Malicious actions can be performed on a site through an SQL injection vulnerability.

Also Read :



Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles