Thousands Of WordPress Sites Exposed 

More than 200,000 WordPress sites are exposed to attacks that target the Ultimate Member plugin, a service designed to make it easier for users to add profiles, define roles, and create member directories. The flaw allows hackers to add new administrative accounts to the site.

Tracked as CVE-2023-3460 (CVSS score of 9.8), the recently identified security defect in Ultimate Member lets attackers add a new user account to the administrators group. The defect is a Cross Site Request Forgery (CSRF).

A CSRF flaw means that the site does not distinguish between intentional actions taken by the user and forged requests generated by a malicious link or script. This CSRF flaw allowed attackers to forge a request on behalf of an administrator and inject code on a vulnerable site, giving them remote arbitrary code execution on websites running a vulnerable Code Snippets installation.

A high severity CSRF bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu.
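To make the missing-check problem concrete, here is an added illustration (not code from Code Snippets, Ultimate Member, or the article) of a hypothetical plugin "import" action written two ways: first without any request-origin check, then protected with a WordPress nonce, which is what a referer/nonce check on an import menu looks like in practice. Hook and option names are invented for the example.

```php
<?php
// Added example, not the plugin's own code. Hypothetical admin-side "import"
// action that stores POSTed data. Hook/option names are constructed.

// --- Vulnerable pattern: capability check only, no nonce/referer check -------
// The browser attaches the admin's session cookie to any request, including one
// submitted by a form on a page the admin merely visited. A capability check
// cannot tell that request apart from one the admin sent on purpose.
add_action( 'admin_post_example_import_unsafe', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    $payload = wp_unslash( $_POST['snippets'] ?? '' );
    update_option( 'example_imported_snippets', $payload );   // privileged write
    wp_safe_redirect( admin_url( 'admin.php?page=example-import' ) );
    exit;
} );

// --- Hardened pattern: per-action nonce in the form, verified on submit ------
function example_render_import_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_import">
        <?php wp_nonce_field( 'example_import_action', 'example_import_nonce' ); ?>
        <textarea name="snippets"></textarea>
        <?php submit_button( 'Import' ); ?>
    </form>
    <?php
}

add_action( 'admin_post_example_import', function () {
    // Stops the request if the nonce is missing, expired, or was issued for a
    // different user or action. A third-party page cannot obtain a valid one,
    // so a forged cross-site submission dies here before anything is written.
    check_admin_referer( 'example_import_action', 'example_import_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    $payload = sanitize_textarea_field( wp_unslash( $_POST['snippets'] ?? '' ) );
    update_option( 'example_imported_snippets', $payload );
    wp_safe_redirect( admin_url( 'admin.php?page=example-import' ) );
    exit;
} );
```

The nonce is what ties the request to a form WordPress itself rendered for that user; the capability check alone is present in both versions and is not the fix.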

Some of the plugin's users have observed the creation of rogue accounts and reported them recently, but the attacks appear to have been ongoing at least since the beginning of June this year. WPScan, WordPress's security firm, says that the bug is rooted in a conflict between the plugin's blocklist logic and WordPress metadata keys.

Hackers can exploit operational differences between the plugin and WordPress to trick Ultimate Member into updating the metadata keys.

These keys hold the data that carry a user's role and capability information. WordPress advised site owners to disable the problematic plugin and closely monitor administrative accounts on their websites. While the WordPress plugin library doesn't provide daily download stats, roughly 58K users have downloaded and installed the latest version, which means that at least 140K WordPress websites running this plugin are still exposed to potential takeover attacks.

Site owners who think they are at risk are advised to disable Ultimate Member to prevent exploitation of the vulnerability. They should also audit all administrator roles on their sites, to identify rogue accounts.
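For the audit step above, here is an added example (not from the article or the plugin vendor) that lists every administrator account together with the raw capabilities meta the article describes as the thing being manipulated, and flags accounts that are either not on an expected list or were registered after a cutoff date. It assumes WP-CLI is available and is run with `wp eval-file audit-admins.php`; the expected-admin list and the cutoff are constructed sample values.

```php
<?php
// Added example, not the page's or the plugin's code. Run inside a WordPress
// install with: wp eval-file audit-admins.php
// $expected_admins and $cutoff are constructed sample values; replace them.

$expected_admins = array( 'alice', 'bob' );    // accounts you know should be admins
$cutoff          = '2023-06-01 00:00:00';      // flag admins registered on/after this

// Role lookups in WordPress are derived from the serialized
// {prefix}capabilities user-meta value, so that is the key worth inspecting.
$cap_key = $GLOBALS['wpdb']->prefix . 'capabilities';

$admins = get_users( array(
    'role'    => 'administrator',
    'orderby' => 'registered',
    'order'   => 'DESC',
) );

$suspects = array();

foreach ( $admins as $user ) {
    $reasons = array();
    if ( ! in_array( $user->user_login, $expected_admins, true ) ) {
        $reasons[] = 'not in expected list';
    }
    if ( $user->user_registered >= $cutoff ) {
        $reasons[] = 'registered after cutoff';
    }

    // Print the raw meta rather than the derived role so an entry carrying
    // unexpected extra roles or capabilities is visible in the output.
    $caps = get_user_meta( $user->ID, $cap_key, true );

    printf( "%-5d %-20s %-30s %s  caps=%s%s\n",
        $user->ID,
        $user->user_login,
        $user->user_email,
        $user->user_registered,
        wp_json_encode( $caps ),
        $reasons ? '  <-- ' . implode( ', ', $reasons ) : ''
    );

    if ( $reasons ) {
        $suspects[] = $user->user_login;
    }
}

printf( "\n%d administrator(s) found, %d flagged for review.\n",
    count( $admins ), count( $suspects ) );
```

Flagged accounts are candidates for review, not proof of compromise; compare them against your own records of who created each account and when.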

Sources: WPScan, Cyware, Threatpost, Oodaloop, Hacker News, Security Week, Bleeping Computer, Techradar
