Serious holes for three WordPress plugins: 400 thousand sites at risk

Updates are already available: it is recommended to install them immediately to avoid the risk of being compromised.

In recent days, some serious vulnerabilities have been brought to light in three WordPress plugins – InfiniteWP, WP Time Capsule, and WP Database Reset – which are installed on over 400 thousand websites overall. We recommend that everyone who manages WordPress sites using these plugins immediately check that each is updated to the most recent version, which fixes the flaws.

The highest-impact vulnerability affects Infinite WP Client, a plugin that allows multiple websites to be managed from a single server. The flaw allows anyone to log into an account with administrator privileges without any credentials, with the consequent possibility of performing any kind of action: from deleting content to adding new users to conducting any other type of attack or harmful activity.

To exploit the vulnerability, it is sufficient to know the username of a valid account and to include a suitably constructed payload in a POST request sent to the vulnerable site. Anyone who uses Infinite WP Client in version 1.9.4.4 or earlier should immediately update to version 1.9.4.5. Infinite WP Client is installed on over 300 thousand websites. Wordfence delves into the problem.

A similar problem affects the WP Time Capsule plugin, which aims to make it easier to manage the backups of the website on which it is installed. Here too, authentication can be bypassed, allowing an attacker to log in as an administrator.

In this case, by including an appropriate string in a POST request, the attacker can obtain a list of administrator accounts and automatically log in as the first one in the list. The bug has been fixed in version 1.21.16, and in this case too we urge WordPress site administrators who use the plugin to update immediately. WP Time Capsule is installed on over 200 thousand websites. WebARX details the vulnerability.

As for the WP Database Reset plugin, there are two vulnerabilities. The first allows anyone, even without authentication, to reset any database table to its original state; the problem arises from the fact that the reset function is not protected by the standard capability checks or by a security nonce.
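To make the root cause concrete, here is an illustrative example added to this article (it is not the code of WP Database Reset or of any other plugin named here): a hypothetical reset handler with no authorization at all, beside the same handler hardened with the checks WordPress provides. The hook names, the `db_reset_table` parameter and the nonce action are assumptions chosen for the example.

```php
<?php
// Added illustrative example, not any real plugin's code. It shows the class of
// defect described above: a privileged action reachable without a capability
// check or a nonce.

// Vulnerable pattern: hooked on 'init', so it runs on every request, including
// those from visitors who are not logged in, and nothing verifies who is asking.
function insecure_db_reset_handler() {
    if ( ! isset( $_REQUEST['db_reset_table'] ) ) {   // hypothetical parameter name
        return;
    }
    global $wpdb;
    $table = sanitize_key( $_REQUEST['db_reset_table'] );
    $wpdb->query( "TRUNCATE TABLE {$wpdb->prefix}{$table}" );
}
add_action( 'init', 'insecure_db_reset_handler' );

// Hardened pattern: registered via admin_post_{action}, which only fires for
// authenticated requests to admin-post.php; requires the manage_options
// capability; and verifies a nonce that the settings form emitted with
// wp_nonce_field( 'db_reset_action', 'db_reset_nonce' ).
function secure_db_reset_handler() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }
    // Dies with a 403 if the nonce is missing, expired, or issued for another action or user.
    check_admin_referer( 'db_reset_action', 'db_reset_nonce' );

    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'POST required.', 'Method Not Allowed', array( 'response' => 405 ) );
    }
    global $wpdb;
    $table = sanitize_key( wp_unslash( $_POST['db_reset_table'] ?? '' ) );

    // Allow-list the tables that may be reset instead of trusting user input.
    $allowed = array( 'postmeta', 'comments', 'commentmeta' );
    if ( ! in_array( $table, $allowed, true ) ) {
        wp_die( 'Unknown table.', 'Bad Request', array( 'response' => 400 ) );
    }
    $wpdb->query( "TRUNCATE TABLE {$wpdb->prefix}{$table}" );
    wp_safe_redirect( admin_url( 'tools.php?page=db-reset&done=1' ) );
    exit;
}
add_action( 'admin_post_db_reset', 'secure_db_reset_handler' );
```

The three checks in the hardened handler are independent: the `admin_post_` hook excludes anonymous requests, the capability check excludes low-privilege users, and the nonce defeats cross-site request forgery against an administrator who is already logged in.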

Anyone who exploited it could cause a complete loss of data or reset the site to the default WordPress settings. The second flaw, on the other hand, is a so-called "privilege escalation": it allows any authenticated user, even one with minimal rights, to obtain administrative privileges and oust the other users.

In this case, we recommend upgrading to version 3.15, which addresses both vulnerabilities. WP Database Reset is installed on 80 thousand sites. Here too, the analysis is by Wordfence.
