Targeting WordPress elements is anticipated. As being the largest CMS currently, plugins of it are often exploited in the one way or other. A newly exposed security threat in InfiniteWP Client and WP Time Capsule led anyone to access the administrator’s account without a password, but just the username. This turned out to be so critical as the two plugins affected by this vulnerability are used by more than 300,000 WP users today!
The content management platform, WordPress is so big that, it powers almost one-third of internet websites and has numerous developers and content creators working on every single minute. So exploiting that could obviously be lucrative. Since last year, exploitations from developer-made plugins are on the rise, which eventually makes users site vulnerable to attacks. Popular plugins as Jetpack, Rich Reviews, Elementor and Beaver were used by hundreds and thousands of users had security vulnerabilities, which were addressed eventually.
Free Bypass To Almost Everyone
First discovered by we WebARX Cybersecurity firm, the vulnerabilities were reported to makers on 7th January this year and they’re soon to respond with an immediate patch the very next day. As WebARX defined,
“Both the plugins contain logical issues in the code that allows you to login into an administrator account without a password “
These plugins are helpful for allowing users to sign in to multiple WordPress sites from one central server. Further, they function for site’s maintenance as activating/deactivating plugins, single-click updates for themes, core plugins, backup and restores across sites with ease. After filtering through the WordPress plug-in library, the unsafe versions of InfiniteWP Client is by more than 300,000 users and the WP Time Capsule by around 20,000 users.
The researcher described that InfiniteWP Client plugin (affected versions 18.104.22.168 and below) can be exploited by first encoding a payload with JSON and next with Base64. Later it’s sent as raw to the targeted site in a POST request. The other plug-in as WP Time Capsule (affected versions 1.21.16 and below) had a vulnerability in a certain string of its body of the raw POST request. These are further detailed in WebARX’s blog.
Problems as such are often unnoticed. As the authentication bypass vulnerabilities are due to logical mistakes in code, which makes them undetectable to general cloud-based firewalls. Though a malicious payload is dumped, it’s encoded, making it hard to differentiate from legitimate ones. The only way to secure is by updating them to newly released versions.