19 Apr 2022

Recently Closed WordPress Plugin with 40,000+ Installs Contains Privilege Escalation Vulnerability

On Monday, the WordPress plugin WP SVG Icons was closed on WordPress Plugin Directory. Because that is one of the 1,000 most popular plugins in that directory (it has 40,000+ installs), our systems warned us about the closure and we started checking over the plugin to see if there was a vulnerability we should warn customers of our services about. What we found was that it at least contains a minor vulnerability.

The plugin registers the function svg_delete_custom_pack_ajax() to be accessible through WordPress’ AJAX functionality by anyone logged in to WordPress: [Read more]

15 Mar 2022

Vulnerability Details: Privilege Escalation in Quick Adsense

Yesterday, the WordPress plugin Quick Adsense was closed on WordPress Plugin Directory. Because that is one of the 1,000 most popular plugins in that directory (it has 70,000+ installs), our systems warned us about the closure. By the time we were going to look to see if there was a vulnerability we should warn customers of our services about, an update had been released. [Read more]

11 Mar 2022

Security Issues With Accept Stripe Payments WordPress Plugin

Earlier today a topic was created on the WordPress support forum for the plugin Accept Stripe Payments questioning whether there was a security hole in the plugin:

We’ve had hundreds of small fake charges to random people made by our Stripe account. I even got some calls from random people asking why we charged them! This is due to some fraudsters using our Stripe API key for card testing (testing whether a stolen card is valid). [Read more]

28 Feb 2022

Update to WordPress Plugin Mistape Appears to Add Malicious Backdoor

One way we help to improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught what looks to be an even more serious issue: what appears to be a malicious backdoor being added to the plugin Mistape, which has 3,000+ installs.

We now are also running all the plugins used by customers through that on a weekly basis to provide additional protection for our customers. [Read more]

11 Jan 2022

WordPress Plugin Directory Team Fails to Flag Base64 Encoded Code That Creates Backdoor Account

In 2017 there was a very bad situation where the two people running the WordPress Plugin Directory allowed a plugin containing malicious code to return to the directory twice, only to have malicious code added again each time. Somehow that situation didn’t lead to a shakeup of the team running the directory to address the two problematic people who have long controlled it.

In the third instance, part of the code was obfuscated using base64 encoding. In the comments on a post on the WP Tavern about the situation, there were a couple of comments noting that this should have flagged the code: [Read more]

4 Jan 2022

Misuse of WordPress REST API Permission Callback Leads to Privilege Escalation Vulnerability in OMGF

Last week someone posted on the support forum for the WordPress plugin OMGF on wordpress.org about a claimed security vulnerability in the plugin. A moderator deleted that posting. The plugin hasn’t been updated, so either there wasn’t a vulnerability or the moderator hasn’t made sure it was addressed. Either way, deleting the topic seems problematic.

After being notified of the message about deleting that topic, we checked over the plugin for obvious security issues and we found that the plugin does contain a vulnerability. The vulnerability would allow anyone logged in to WordPress to utilize the plugin’s capability to download fonts. It looks like that could be abused to fill up all the disk space available to the website, by downloading many copies of a font and having them saved in directories with different names. [Read more]