Older versions of the WordPress plugin contain a vulnerability that allows an attacker to store malicious code in the website’s admin panel, which could potentially help him take over the website.
At the time of writing, when accessing the Popular section of the WordPress Plugin directory, the first plugin listed above all others is All in One SEO Pack by Semper Fi Web Design.
The plugin helps webmasters improve their site’s SEO (Search Engine Optimization) via an easy-to-use wall of on/off settings.
Issue found in the Bot Blocker feature
One of those settings is called Bot Blocker and allows users to decide what search engine crawlers to block from accessing their site. This setting is off by default, so there’s no reason for all plugin users to worry.
Where webmasters have turned this feature on, they probably know that it also logs all rejected bots and the time when they visit their sites.
According to the security researcher who found the issue, the plugin logs these visits without sanitizing the text included in the User Agent strings and Referrer headers.
Vulnerability exploitation is trivial
An attacker only has to modify one of these two headers by appending malicious code at the end, while sending the request as a bot that he knows is blocked on the site.
This malicious code gets stored in the WordPress site’s database and is executed automatically when the admin visits the log page.
Webmasters using this plugin should know that this issue is fixed in the plugin’s latest version, which at the time of writing is 2.3.7. The attack was only tested against All in One SEO Pack version 184.108.40.206, which doesn’t rule out that older versions are vulnerable as well. In any case, updating to the latest version is advised.
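As an added illustration (not the plugin’s own code), the following reconstructs the logging pattern described above: a blocked-bot log row rendered once without escaping and once with output escaping, plus a check that flags stored entries containing markup. The field names and sample entries are assumptions.

```php
<?php
// Added example, not code from All in One SEO Pack. It shows the class of bug
// described above: a bot-blocker log that echoes attacker-controlled headers
// into an admin page. The "unsafe" renderer reproduces the pattern; the "safe"
// one escapes on output, which is the fix. In a real WordPress plugin,
// esc_html() / esc_attr() are the idiomatic equivalents of htmlspecialchars().

// Constructed sample entries, as a bot blocker might store them from
// $_SERVER['HTTP_USER_AGENT'] and $_SERVER['HTTP_REFERER'] (assumed field names).
$entries = [
    ['time' => '2016-07-01 10:00:00', 'ua' => 'BadBot/1.0',
     'ref' => 'http://example.com/'],
    // Constructed hostile value: markup smuggled in through the User-Agent header.
    ['time' => '2016-07-01 10:01:00', 'ua' => 'BadBot/1.0 <script>/*constructed*/</script>',
     'ref' => 'http://example.com/'],
];

// Vulnerable: raw header values are concatenated straight into the admin HTML,
// so anything stored in the log is interpreted by the admin's browser.
function render_log_row_unsafe(array $e): string {
    return "<tr><td>{$e['time']}</td><td>{$e['ua']}</td><td>{$e['ref']}</td></tr>";
}

// Hardened: every untrusted value is HTML-escaped at output time, so a stored
// "<script>" is displayed as text rather than executed.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_log_row_safe(array $e): string {
    return '<tr><td>' . esc($e['time']) . '</td><td>' . esc($e['ua'])
         . '</td><td>' . esc($e['ref']) . '</td></tr>';
}

// Defensive check for data already in the database: flag entries whose header
// values contain markup characters, which a genuine User-Agent or Referer
// header rarely needs.
function entry_looks_tainted(array $e): bool {
    return (bool) preg_match('/[<>"\']/', $e['ua'] . $e['ref']);
}

foreach ($entries as $e) {
    echo render_log_row_unsafe($e), "\n";  // second entry carries a live <script> tag
    echo render_log_row_safe($e), "\n";    // second entry shows &lt;script&gt;... as text
    echo (entry_looks_tainted($e) ? 'TAINTED' : 'clean'), "\n";
}
```

Escaping at output time is the fix because the log must still store the original header text for the webmaster to inspect; the check function is only a way to review entries that were written before the plugin was updated.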