Details of severe vulnerabilities in a widely-used WordPress plugin reveal that more than 100,000 websites may have been exposed to site takeovers. The details were revealed by security researcher Chloe Chamberland at Wordfence.
The flaws were found in ‘Responsive Menu,’ a plugin that offers its users customizable mobile-friendly menu options in WordPress installs.
The first vulnerability made it possible for authenticated attackers with low-level permissions to upload arbitrary files and achieve remote code execution.
The other two flaws made it possible for attackers to forge requests that modify the plugin’s settings and upload arbitrary files, which could likewise lead to remote code execution.
Together, the three vulnerabilities give attackers site takeover capability, which could allow them to create backdoors, malicious redirects and spam injections, and to perform a host of other malicious actions.
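As an added illustration (not Responsive Menu’s code, nor a description of its actual bug), a hypothetical WordPress settings handler showing the checks whose absence corresponds to the two flaw classes described above: a forged settings request (CSRF) and an arbitrary file upload by a low-privilege user. All action, option and field names are assumptions.

```php
<?php
// Hypothetical admin-post handler for a menu plugin's settings form (names
// are made up for this example). Each check is labelled with the flaw class
// it closes.
add_action( 'admin_post_example_menu_save', 'example_menu_save_settings' );

function example_menu_save_settings() {
    // Capability check: a low-privilege (e.g. subscriber) account must not
    // reach the settings code at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Nonce check: rejects requests forged from another origin, so a logged-in
    // admin cannot be tricked into changing the plugin's settings.
    check_admin_referer( 'example_menu_save', 'example_menu_nonce' );

    // Settings values are sanitized before being stored.
    $label = sanitize_text_field( wp_unslash( $_POST['menu_label'] ?? '' ) );
    update_option( 'example_menu_label', $label );

    // Optional icon upload: only raster image types, validated by both
    // extension and content, and stored by WordPress under the uploads
    // directory rather than at a caller-chosen path.
    if ( ! empty( $_FILES['menu_icon']['name'] ) ) {
        $allowed = array( 'png' => 'image/png', 'jpg|jpeg' => 'image/jpeg', 'gif' => 'image/gif' );
        $check   = wp_check_filetype_and_ext(
            $_FILES['menu_icon']['tmp_name'],
            $_FILES['menu_icon']['name'],
            $allowed
        );
        if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
            wp_die( 'Unsupported file type.', '', array( 'response' => 400 ) );
        }
        $result = wp_handle_upload( $_FILES['menu_icon'], array( 'test_form' => false, 'mimes' => $allowed ) );
        if ( isset( $result['error'] ) ) {
            wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
        }
        update_option( 'example_menu_icon_url', esc_url_raw( $result['url'] ) );
    }

    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url( 'options-general.php' ) );
    exit;
}
```

The matching form must emit the nonce with `wp_nonce_field( 'example_menu_save', 'example_menu_nonce' )`; without it every submission is rejected, which is the intended failure mode.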
The vulnerabilities were discovered by Wordfence in December last year. Reaching ExpressTech, the developer behind Responsive Menu, proved difficult: the researchers waited for a response and, when none came, contacted the WordPress Plugin team on January 10, receiving a reply the next day.
A patch for the critical vulnerabilities was released on January 19. It is worth noting that, according to Wordfence, many sites are still running unpatched versions.
Consequences tend to be harsh
Ameet Naik, security evangelist at application protection firm PerimeterX, says that outdated or vulnerable plugins are a way for hackers to install malicious Shadow Code that can give them full access to an entire WordPress website.
The same techniques have been used to launch digital skimming and other incidents, such as the Magecart attacks, which resulted in the theft of millions of credit card numbers.
Website owners need to review plugins regularly and make sure that any known flaws are fixed.