A remote code execution vulnerability has been found in a WordPress plugin that helps site owners manage download files; the flaw allows an attacker to run arbitrary code on an affected website with very little effort.
“The plugin used a custom method to handle certain types of Ajax requests which could be abused by an attacker to call arbitrary functions within the application’s context. There were no permission checks before handling these special Ajax calls. This allowed a malicious individual (with a minimal knowledge of WordPress internals) to inject a backdoor on the remote site or to change the administrator’s password if the name of his account was known. As this function is hooked to the ‘wp’ hook (which is executed every single time somebody visits a post/page), it could be abused by anyone,” Mickael Nadeau of Sucuri wrote in an analysis of the bug.
WordPress is one of the most popular CMSs and is used by both small and large websites. Attackers frequently test their techniques against WP sites, and in the past they have compromised websites through mass code injection.
The problem is caused by an Ajax function in WP Download Manager that did not check the caller's permissions before handling the request.
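The pattern Sucuri describes, a handler that runs on every page view and calls whatever function the request names, is contrasted below with a hardened form of the same handler. This is an added illustration, not code from WP Download Manager or from Sucuri's analysis; the action name `dlm_example_ajax`, the `manage_options` capability, the task names and the handler functions are assumptions chosen for the example.

```php
<?php
// Added example (not the plugin's own code): a weak Ajax-style dispatcher
// beside a hardened one. Assumes a WordPress environment; the action name,
// capability, task names and handler functions are illustrative choices.

// --- Weak pattern: hooked on 'wp', so it runs on every front-end request,
//     performs no nonce or capability check, and the callable comes from
//     user input. Any function reachable in the application context can be
//     invoked by anyone who can load a page.
function dlm_example_weak_dispatch() {
    if ( isset( $_POST['execute'] ) && function_exists( $_POST['execute'] ) ) {
        call_user_func( $_POST['execute'] );
    }
}
// add_action( 'wp', 'dlm_example_weak_dispatch' );  // left unregistered on purpose

// --- Hardened pattern: register on the wp_ajax_* hook (logged-in users only),
//     verify a nonce, require a capability, and map the request to a fixed
//     allow-list of handlers instead of calling a user-supplied function name.
function dlm_example_secure_dispatch() {
    // Stops the request unless it carries a valid nonce for this action.
    check_ajax_referer( 'dlm_example_ajax', 'nonce' );

    // Only users who may manage the site reach the handlers below.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // The request selects a key; the callable never comes from the request.
    $allowed = array(
        'list_downloads' => 'dlm_example_list_downloads',
        'clear_cache'    => 'dlm_example_clear_cache',
    );
    $task = isset( $_POST['task'] ) ? sanitize_key( wp_unslash( $_POST['task'] ) ) : '';

    if ( ! isset( $allowed[ $task ] ) ) {
        wp_send_json_error( 'unknown task', 400 );
    }
    wp_send_json_success( call_user_func( $allowed[ $task ] ) );
}
add_action( 'wp_ajax_dlm_example_ajax', 'dlm_example_secure_dispatch' );

// Illustrative handlers standing in for real plugin operations.
function dlm_example_list_downloads() { return array(); }
function dlm_example_clear_cache() { return 'ok'; }
```

The three checks do different jobs: the nonce ties the request to a form the site itself rendered, the capability check decides who may act at all, and the allow-list bounds what a valid request can cause to run. Dropping any one of them reintroduces part of the weakness; the original plugin code lacked all three. If an endpoint genuinely must serve anonymous visitors (the `wp_ajax_nopriv_*` hook), the allow-list and input validation still apply even though the capability check cannot.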
“Any WordPress based website running the WP Download Manager version would be susceptible to remote code execution. Allowing an attacker to inject a backdoor and change important credentials, like admin accounts,” Nadeau said.
Read More: Remote Code Execution in WordPress Plugin