Remote Code Execution Found in WordPress Plugin

A remote code execution vulnerability has been found in a WordPress plugin used to manage downloadable files. Because the flaw requires almost no skill to trigger, an attacker can use it to run code on any website that has the plugin installed.

“The plugin used a custom method to handle certain types of Ajax requests which could be abused by an attacker to call arbitrary functions within the application’s context. There were no permission checks before handling these special Ajax calls. This allowed a malicious individual (with a minimal knowledge of WordPress internals) to inject a backdoor on the remote site or to change the administrator’s password if the name of his account was known. As this function is hooked to the ‘wp’ hook (which is executed every single time somebody visits a post/page), it could be abused by anyone,” Mickael Nadeau of Sucuri wrote in an analysis of the bug.


WordPress is one of the most popular CMSs, used by small and large websites alike. Attackers routinely test their techniques on WordPress sites; in the past they have compromised websites through mass code injection.

The problem is caused by an Ajax handling function in WP Download Manager that does not check the caller's permissions before acting on the request.

“Any WordPress based website running the WP Download Manager version would be susceptible to remote code execution. Allowing an attacker to inject a backdoor and change important credentials, like admin accounts,” Nadeau said.
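To make the root cause concrete, here is an added illustration of the vulnerable pattern the advisory describes (a handler hooked to `wp` that dispatches to a caller-chosen function with no permission check) next to a hardened version. This is not the plugin's own code: the function names `dm_handle_special_ajax_*`, the request parameter `dm_op`, the nonce action `dm_special_ajax` and the two allowlisted operations are hypothetical; `current_user_can`, `check_ajax_referer`, `sanitize_key`, `wp_unslash`, `wp_die` and the `wp_ajax_*` hooks are real WordPress APIs.

```php
<?php
// Added example, not code from WP Download Manager. All dm_* names are hypothetical.

// BEFORE: the pattern described in the advisory. Hooked to 'wp', so it runs on
// every front-end request, and it calls whatever function name the request
// supplies. No capability check, no nonce, no allowlist.
function dm_handle_special_ajax_vulnerable() {
    if ( isset( $_REQUEST['dm_op'] ) && function_exists( $_REQUEST['dm_op'] ) ) {
        call_user_func( $_REQUEST['dm_op'] ); // any visitor picks the callee
    }
}
// add_action( 'wp', 'dm_handle_special_ajax_vulnerable' );

// Hypothetical operations the handler is allowed to perform.
function dm_list_downloads() {
    wp_send_json_success( array( 'downloads' => array() ) );
}
function dm_purge_cache() {
    wp_send_json_success( array( 'purged' => true ) );
}

// AFTER: hardened version.
function dm_handle_special_ajax_fixed() {
    if ( ! isset( $_REQUEST['dm_op'] ) ) {
        return;
    }
    // 1. Authorization: only logged-in users holding the needed capability.
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // 2. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'dm_special_ajax', '_wpnonce' );
    // 3. Dispatch only through an explicit allowlist, never to a caller-chosen symbol.
    $allowed = array(
        'list'  => 'dm_list_downloads',
        'purge' => 'dm_purge_cache',
    );
    $op = sanitize_key( wp_unslash( $_REQUEST['dm_op'] ) );
    if ( ! isset( $allowed[ $op ] ) ) {
        wp_die( 'Unknown operation', '', array( 'response' => 400 ) );
    }
    call_user_func( $allowed[ $op ] );
}

// Register on a wp_ajax_ hook instead of 'wp': it fires only for admin-ajax.php
// requests, and without the nopriv_ variant only for authenticated users.
add_action( 'wp_ajax_dm_special', 'dm_handle_special_ajax_fixed' );
```

The three checks address the three weaknesses the advisory names: the capability check stops unauthenticated visitors, the nonce stops a logged-in administrator from being tricked into issuing the request, and the allowlist removes the "call arbitrary functions" primitive entirely, so a backdoor or password change is no longer reachable even if the first two checks were bypassed. Moving off the `wp` hook also means the code no longer runs on every page view.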

Read More: Remote Code Execution in WordPress Plugin
