According to cybersecurity experts, a significant number of websites running the WordPress platform may be exposed to attack because of a security flaw shared by three plugins from the same vendor. The vulnerability is serious: successful exploitation can lead to complete compromise of the site.
The flaw is a cross-site request forgery (CSRF, or "one-click" attack) in the three plugins. An attacker tricks an authenticated user into submitting a specially crafted web request; if that user is logged in as the site administrator, the forged request can lead to complete compromise of the web application.
How it works
The cross-site request forgery (CSRF) bug has been assigned CVE-2022-0215 with a CVSS rating of 8.8 and affects three plugins maintained by Xootix.
Cross-site request forgery, also called a one-click attack or session riding, occurs when an authenticated end user is deceived into submitting a specially designed web request: the browser attaches the victim's session cookie automatically, so the application treats the attacker's request as the victim's. "CSRF can compromise the entire web application if the victim has logged in with an administrative account," according to a warning issued by OWASP.
The flaw comes from a lack of validation when the plugins process AJAX requests: the handler neither checks a nonce (anti-CSRF token) nor verifies that the requester is authorised to change settings. A forged request made with a logged-in administrator's session can therefore set the "users_can_register" option to true, so anyone can register an account on the site, and set the "default_role" option to administrator, so every newly registered account is an administrator. The attacker then simply registers and has full control of the site.
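The following is an added illustration, not code from the Xootix plugins or from this advisory. It shows a WordPress AJAX settings handler in the shape the text describes (no nonce check, no capability check, attacker-controlled role written straight into "default_role"), the kind of page an attacker would host to ride an administrator's session, and the hardened handler with the three checks a plugin author should have. All function, hook and field names other than the two WordPress options `users_can_register` and `default_role` and the core WordPress API calls are hypothetical.

```php
<?php
// Added example (hypothetical plugin code, not Xootix's): vulnerable vs hardened
// handling of a settings-saving AJAX action in WordPress.

// --- Vulnerable pattern ----------------------------------------------------
// Registered only for logged-in users (wp_ajax_*), but "logged in" is all it
// checks. Any request to wp-admin/admin-ajax.php?action=example_save_settings
// that carries the victim's session cookie is honoured, and the browser sends
// that cookie even when the request originates from another site.
function example_save_settings_vulnerable() {
    update_option( 'users_can_register', (int) $_POST['users_can_register'] );
    update_option( 'default_role', sanitize_text_field( $_POST['default_role'] ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_vulnerable' );

// --- What the attacker hosts -----------------------------------------------
// A page that auto-submits a cross-origin form. An administrator who opens it
// while logged in to https://victim.example (hypothetical host) enables open
// registration with "administrator" as the default role; the attacker then
// registers an account normally.
$attacker_page = <<<'HTML'
<form id="f" method="POST" action="https://victim.example/wp-admin/admin-ajax.php">
  <input type="hidden" name="action" value="example_save_settings">
  <input type="hidden" name="users_can_register" value="1">
  <input type="hidden" name="default_role" value="administrator">
</form>
<script>document.getElementById('f').submit();</script>
HTML;

// --- Hardened pattern --------------------------------------------------------
function example_save_settings_hardened() {
    // 1. Anti-CSRF token: the request must carry a nonce that only the
    //    plugin's own settings page handed to this user. check_ajax_referer()
    //    terminates the request with HTTP 403 when the nonce is missing or bad.
    check_ajax_referer( 'example_settings_nonce', 'security' );

    // 2. Authorisation: being logged in is not enough; only users allowed to
    //    change site options may reach the update.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Validation: registration is a boolean, and the default role must be
    //    an existing role and never a privileged one chosen by the client.
    $can_register = ! empty( $_POST['users_can_register'] ) ? 1 : 0;
    $role         = sanitize_key( $_POST['default_role'] ?? '' );
    if ( ! array_key_exists( $role, wp_roles()->roles ) || 'administrator' === $role ) {
        wp_send_json_error( 'invalid role', 400 );
    }

    update_option( 'users_can_register', $can_register );
    update_option( 'default_role', $role );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_settings_v2', 'example_save_settings_hardened' );

// The plugin's own settings page issues the nonce the hardened handler
// expects; the legitimate JavaScript sends it as the "security" field.
function example_render_settings_page() {
    $nonce = wp_create_nonce( 'example_settings_nonce' );
    echo '<input type="hidden" id="example_security" value="' . esc_attr( $nonce ) . '">';
}
```

The attacker's page cannot obtain a valid nonce because it is tied to the victim's session and issued only by the plugin's admin page, so the nonce check alone blocks the forged request; the capability check additionally stops a low-privileged subscriber from changing options, and the role validation ensures that even a legitimate administrator cannot be tricked into making "administrator" the default. As a quick check on a site that runs an affected plugin version, an administrator can inspect the two options (for example with WP-CLI: `wp option get users_can_register` and `wp option get default_role`) and review the user list for unexpected administrator accounts.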
To combat this vulnerability, users are advised to follow the steps below:
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.