Rank Math now joins the stream of vulnerable WordPress plugins. Reportedly, a couple of serious security vulnerabilities existed in the WordPress SEO Plugin – Rank Math. One of these flaws could even give admin privileges to an adversary.
Rank Math Plugin Vulnerabilities
Team Wordfence has come up with another interesting discovery this week.
They found a couple of security vulnerabilities in the WordPress SEO
Plugin Rank Math. They have explained their findings in a recent blog
post.
One of the two security flaws is a privilege escalation vulnerability
with a CVSS score of 10.0. This critical flaw existed due to an
unprotected REST API endpoint in the update metadata feature. Regarding
how the exploit would work, the researcher stated,
WordPress user permissions are stored in the usermeta table, which
meant that an unauthenticated attacker could grant any registered user
administrative privileges by sending a $_POST request to
wp-json/rankmath/v1/updateMeta, with an objectID parameter set to the
User ID to be modified, an objectType parameter set to user, a
meta[wp_user_level] parameter set to 10, and a
meta[wp_capabilities][administrator] parameter set to 1.
Furthermore, exploiting the same vulnerability would even allow the attacker to lock an administrator out of their own site.
The second vulnerability appeared due to an unprotected REST API endpoint linked to a module for creating site redirects. Explaining this high-severity flaw, the blog reads,
To perform this attack, an unauthenticated attacker could send a
$_POST request to rankmath/v1/updateRedirection with a redirectionUrl
parameter set to the location they wanted the redirect to go to, a
redirectionSources parameter set to the location to redirect from, and a
hasRedirect parameter set to true. This attack could be used to prevent
access to all of a site’s existing content, except for the homepage, by
redirecting visitors to a malicious site.
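Both flaws described above come down to REST routes that anyone could call. The following is an added example (illustrative WordPress plugin code, not Rank Math's own implementation) showing an unprotected route beside a hardened one that adds a permission_callback and a meta-key allowlist; the route names, function names and meta keys are assumptions.

```php
<?php
// Added example (not Rank Math's code): an unprotected REST route beside a
// hardened one. Route names, callback names and meta keys are hypothetical.

// Weak: no authorization, and whatever meta keys the request carries are
// written, so wp_capabilities and wp_user_level can be set by anyone.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/updateMetaWeak', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_meta_unsafe',
        'permission_callback' => '__return_true', // anyone may call this
    ) );
} );

function example_update_meta_unsafe( WP_REST_Request $request ) {
    $id = (int) $request['objectID'];
    foreach ( (array) $request['meta'] as $key => $value ) {
        update_user_meta( $id, $key, $value ); // attacker-controlled key
    }
    return rest_ensure_response( array( 'updated' => true ) );
}

// Hardened: the caller must be allowed to edit the target user, and only an
// explicit allowlist of SEO meta keys is ever written.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/updateMeta', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_meta_safe',
        'permission_callback' => function ( WP_REST_Request $request ) {
            // Capability check tied to the specific object being modified.
            return current_user_can( 'edit_user', (int) $request['objectID'] );
        },
        'args' => array(
            'objectID' => array( 'required' => true, 'type' => 'integer' ),
        ),
    ) );
} );

function example_update_meta_safe( WP_REST_Request $request ) {
    $allowed = array( 'seo_title', 'seo_description' ); // hypothetical keys
    $id      = (int) $request['objectID'];
    foreach ( (array) $request['meta'] as $key => $value ) {
        if ( ! in_array( $key, $allowed, true ) ) {
            return new WP_Error( 'rest_forbidden_meta', 'Meta key not allowed',
                array( 'status' => 403 ) );
        }
        update_user_meta( $id, $key, sanitize_text_field( $value ) );
    }
    return rest_ensure_response( array( 'updated' => true ) );
}
```

The same permission_callback pattern applies to a redirect-creation endpoint, where the check would be a site-level capability such as manage_options rather than edit_user.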
Patches Rolled Out – Update Now!
After discovering the flaws on March 23, 2020, team Wordfence reached
out to the plugin developers to report the bugs. Fortunately, the
developers quickly worked to develop patches for the vulnerabilities.
Eventually, after three days, they rolled out the WordPress SEO Plugin – Rank Math version 10.0.41 with the fixes. Hence, users of this plugin should update their sites to the patched version to keep them safe.
Let us know your thoughts in the comments.