Discovered WordPress Vulnerabilities (August 2020)

Fortunately, as in July, no specific vulnerabilities were discovered or reported in the WordPress core last month. However, many vulnerabilities were found in various plugins and templates for this CMS, which we introduce below.

If you use any of these plugins, you need to update and fix them as soon as possible; otherwise the site may be hacked.

Vulnerabilities discovered in WordPress plugins

In this section, we examine the ways hackers can penetrate a site through the plugins you have installed on WordPress.

Infiltrate WordPress through plugins

XSS vulnerability in Recall Products plugin

This vulnerability is of the Stored XSS type and allows the hacker to execute malicious JavaScript code.
Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.

SQL Injection vulnerability in the Recall Products plugin

The Manufactorer[] POST parameter in this plugin is vulnerable to SQL Injection. The vulnerability is exposed when a deletion request is sent.

Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.

XSS vulnerability in WP Smart CRM & Invoices plugin

This vulnerability is of the Stored XSS type and allows the hacker to execute malicious JavaScript code through fields such as Business Name and Tax Code.

Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.

XSS vulnerability in Ceceppa Multilingual plugin

This vulnerability is of the Reflected type and allows the hacker to execute his malicious code through the tab parameter.
Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.

XSS vulnerability in Bulk Change plugin

This vulnerability is of the Reflected type and affects the ‘s’ parameter. Because no security filters are applied to this parameter, malicious JavaScript code can be injected through it.
Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.

XSS Vulnerability in WP Floating Menu Plugin

This vulnerability is of the Reflected type and the hacker will be able to execute his malicious JavaScript code through the status parameter in the subscribe_sidebar file.
Vulnerable versions of this plugin: 1.3.1 and earlier

Unauthenticated File Upload Vulnerability in Quiz and Survey Master Plugin

Because the names of files uploaded through this plugin are not validated, the hacker can upload his malicious PHP files (such as web shells) to the server with a double extension. For example: shell.php.jpeg
Vulnerable versions of this plugin: 7.0.2 and earlier
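
The double-extension case described above can be rejected on the server side with a check like the following. This is an added example, not code from the Quiz and Survey Master plugin; the function name, the constants and the image-only allowlist are assumptions made for illustration.

```php
<?php
// Added example: reject upload names such as shell.php.jpeg.
// Assumption: the site only needs to accept image uploads.
const ALLOWED_FINAL_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// Extensions that a permissive server configuration may pass to an
// interpreter even when they are not the last segment of the name.
const EXECUTABLE_EXT = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht', 'cgi', 'pl', 'py', 'sh'];

/**
 * Return a safe name to store the file under, or null to reject the upload.
 * (Hypothetical helper, not a WordPress API.)
 */
function safe_upload_name(string $clientName): ?string
{
    // Drop any path component and control bytes (including NUL) sent by the client.
    $name = basename(str_replace('\\', '/', $clientName));
    $name = preg_replace('/[\x00-\x1f\x7f]/', '', $name);

    $parts = explode('.', strtolower($name));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension at all, or a dotfile such as .htaccess
    }

    // The last segment must be on the allowlist.
    $final = array_pop($parts);
    if (!in_array($final, ALLOWED_FINAL_EXT, true)) {
        return null;
    }

    // Every inner segment after the base name is checked too, which is
    // what catches shell.php.jpeg.
    foreach (array_slice($parts, 1) as $segment) {
        if (in_array(trim($segment), EXECUTABLE_EXT, true)) {
            return null;
        }
    }

    // Store under a random name so the client-chosen name never reaches disk.
    return bin2hex(random_bytes(16)) . '.' . $final;
}

// Constructed sample names.
foreach (['photo.jpeg', 'shell.php.jpeg', 'shell.php', '../x/a.phtml.png', 'report.v2.png'] as $n) {
    printf("%-20s %s\n", $n, safe_upload_name($n) === null ? 'rejected' : 'accepted');
}
```

A name check like this complements, and does not replace, verifying the file content and storing uploads in a directory where script execution is disabled.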

XSS vulnerability in FooGallery plugin

The vulnerability stems from the lack of proper filtering of user input in the image title or caption, which allows the hacker to execute his malicious code.
Vulnerable versions of this plugin: 1.9.25 and earlier.

Authenticated File Upload Vulnerability in Autoptimize Plugin

Because uploaded files are not validated in the AJAX requests handled by ao_ccss_import, a user with a high access level will be able to upload their PHP files, which could eventually lead to an RCE attack.
Vulnerable versions of this plugin: 2.7.7 and earlier

SQL Injection Vulnerability in RSVP Maker Plugin

This vulnerability exists because there are no restrictions on user input in signed_up_ajax(). Using it, the hacker will be able to execute his own queries.
Vulnerable versions of this plugin: 7.8.2 and earlier

Payment Bypass Vulnerability in WooCommerce Plugin – NAB Transact

Because this plugin does not validate the request processing status, the hacker can send a fake request at the time of ordering and have his order registered as paid.
Vulnerable versions of this plugin: 2.1.2 and earlier

CSRF vulnerability in the Contact Form – Form builder by Kali Forms plugin

Due to the way this plugin is coded, the hacker will be able to bypass security nonces and ultimately carry out a CSRF attack.
Vulnerable versions of this plugin: 2.1.2 and earlier

Information Disclosure vulnerability in Advanced Access Manager plugin

Using this vulnerability, it is possible to reveal information such as managers’ hashed passwords, along with their capabilities and roles.
Vulnerable versions of this plugin: 6.6.2 and earlier.

Authorization Bypass and Privilege vulnerability in Advanced Access Manager plugin

Using this vulnerability, any admin with a low access level will be able to change their own role and increase or decrease their access level. This is possible by submitting a POST request and changing the role parameters.

Vulnerable versions of this plugin: 6.6.2 and earlier

Vulnerabilities discovered in WordPress themes

In this section, we examine the ways hackers can penetrate a site through WordPress templates and point out the essentials.

Infiltrate WordPress through templates

XSS Vulnerability in Home Villas Theme

Several vulnerabilities, such as Reflected XSS and Persistent XSS, have been discovered in this theme, and the hacker will be able to execute his code.
Vulnerable versions of this template: Up to now, all versions of this template are vulnerable.

XSS Vulnerability in Geo Magazine Theme

This vulnerability is of the Reflected XSS type and the hacker will be able to execute its malicious code.
Vulnerable versions of this template: Up to now, all versions of this template are vulnerable.

XSS vulnerability in Nova Lite theme

This vulnerability is of the Reflected XSS type. Due to the lack of proper validation of the search query, it leads to the execution of malicious code by the hacker.
Vulnerable versions of this template: 1.3.9 and earlier.

XSS Vulnerability in FoodBakery Theme

This vulnerability is of the Reflected XSS type and exists in the location parameter of the search query.
Vulnerable versions of this template: 2.0 and earlier.

File Upload Vulnerability in Elegant Themes

Using this vulnerability, a user with a contributor access level can upload arbitrary PHP files, which may eventually lead to RCE.
Vulnerable versions of this plugin: 4.5.3 and earlier.

The last word

We emphasize again: if you use these plugins and templates on your website, update them as soon as possible so that your site does not run into security problems.
