WordPress Plugin Vulnerability

It was reported this week that a WordPress Plugin -‘Revolution Slider’ has a major vulnerability in it that allows a hacker to download files from the server. This vulnerability was discovered some months ago but has been kept under wraps by the devlopers.

The problem is that this plugin is often built into the theme so the it needs to be corrected by the theme developer and then the theme updated on the site. If this is the case then there may also be issue around any modifications made to your changwe that were not done under a ‘child theme’ case.

More details are discussed here –

Slider Revolution Plugin Critical Vulnerability Being Exploited

Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin which was patched silently.

It turns out that the vulnerability was disclosed via some underground forums. ThemePunch confirms that their plugin was patched in version 4.2 for those that purchase the plugin directly from them, and they include an auto-updater which would address the problem. The real issue lies in the way the plugin is wrapped into theme packages. ThemePunch’s approach to disclosing the issue was based on guidance they received. [updated 20140903]

This a very popular plugin, and appears to be one of the most downloaded slider plugins from Envato’s Marketplace – Code Canyon. It also appears to be bundled in theme packages so be sure to check your theme / plugins.

This is an example of where things go terribly wrong.

In this situation, a very popular plugin developer decided it was best not to disclose to anyone, in return patching silently. Mind you, this vulnerability was already disclosed as a Zero Day via underground forums, which you would have thought would incentivize a developer to work quickly and disclose even faster. No, instead a different course of action was taken.

Now, the vulnerability is being actively exploited in the wild. Yes, the vulnerability is severe enough that the attackers are able to compromise websites through it.

WordPress Slider Revolution Vulnerability

About 2 months ago someone publicly disclosed a serious vulnerability in the Slider Revolution Premium WordPress Plugin that allows a remote attacker to download any file from the server.

The proof of concept shared via underground sites shows how someone can easily download the wp-config.php:

http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

This is used to steal the database credentials, which then allows you to compromise the website via the database.

This type of vulnerability is known as a Local File Inclusion (LFI) attack. The attacker is able to access, review, download a local file on the server. This, in case you’re wondering is a very serious vulnerability that should have been addressed immediately.

Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser.

UPDATE IMMEDIATELY, PLEASE!!!!.

Read More……

 

WordPress like other CMS systems is a great paltform to build your website on but it is critical that it is kep upto date and secure and a regular backup taken. We offer these services with our WordPress Support Services.

 

 

[tags]

 

Leave a reply "WordPress Plugin Vulnerability"

Your email address will not be published. Required fields are marked *

Rating*