Security researchers at DXW Security, a British cybersecurity firm have discovered a raft of vulnerabilities among three individual plugins used by WordPress, reports ThreatPost. Chief among them are cross-site scripting vulnerabilities, also known as XSS vulnerabilities which could grant administrative privileges, warned the researchers.
The vulnerabilities that won’t go away
WordPress’ iframe plugin version 3.0 contains two XSS vulnerabilities, one which is stored and the other reflected, researchers noted. The first, a stored vulnerability could potentially grant users the means to insert arbitrary HTML code into pages, thereby exceeding their granted privileges, warned Tom Adams, a developer at DXW Security.
Subsequently, the reflected XSS vulnerability “allows authenticated users to do almost anything an admin can,” according to an advisory released by the security firm.
Although WordPress claims that these vulnerabilities have since been resolved with iframe version 4.0, Tom Adams notes that the stored XSS vulnerability is still active in the newest update and recommends users to disable the plug-in entirely until a new version is released with the vulnerability patched.
Related Article: WordPress Plugin Bug Puts Millions of Websites at Risk
Another vulnerability was discovered in the Google Analytics plugin by Yoast, also proving to be an XSS vulnerability. This could enable a privileged user to target and attack other users by pushing arbitrary JavaScript to web pages. This particular vulnerability flares up because certain users have the means to edit “capabilities” for other users.
“A user with the manage_options capability but not the unfiltered_html capability is able to add arbitrary JavaScript to a page visible to admins,” Adams noted regarding the vulnerability on Monday.
Symposium, a social networking plugin used by WordPress also contained a blind SQL injection vulnerability, as discovered by the firm. The threat here is that an attacker who has successfully exploited a vulnerability will have the ability to extract password hashes and other crucial information from a website’s database, warned Glyn Wintle, a security researcher who discovered the bug. In this case, Symposium’s creator – Simon Goodchild has since reported that the bug is fixed in version 15.8, about four weeks after the vulnerability was reported to him by DXW.
As a popular content management system used by millions around the world, WordPress is a target for attackers looking to infiltrate and breach the platform. Developers, security researchers and cybersecurity firms are routinely busy in staying on top of all things related to security on WordPress, by locating vulnerabilities and issuing fixes for the popular platform.
