Patch this WordPress plugin bug, thousands of site owners warned

The Wordfence Threat Intelligence team has discovered two separate vulnerabilities in a popular WordPress plugin used to change how downlo...

The Wordfence Threat Intelligence team has discovered two separate vulnerabilities in a popular WordPress plugin used to change how download pages are displayed.

The plugin in question is called WordPress Download Manager and it has been installed on over 100,000 sites according to WordPress.org.

The first vulnerability can be exploited to achieve authenticated directory traversal according to Wordfence. While WordPress Download Manager had some protections in place to protect against directory traversal, they were far from sufficient. As a result, it was possible for a user such as a contributor with lower privileges to retrieve the contents of a site's wp-config.php file by adding a new download and performing a directory traversal attack.

From here, upon previewing the download, the contents of the wp-config.php file would be visible in the page's source code. However, since the contents of the file were echoed out onto the page source, a user with author-level permissions could also upload a file with an image extension containing malicious JavaScript and set the contents of file[page_template] to the path of the uploaded file which could result in Stored Cross-Site Scripting.

Double extension attack

Before Wordfence discovered these two vulnerabilities, the team behind the WordPress Download Manager patched a vulnerability that allowed users to upload files with php4 extensions as well as other potentially executable files.

Although this patch protected many configurations, it only checked the very last file extension which made it possible for an attacker to carry out a “double extension” attack by uploading a file with multiple extensions like info.php.png.

The Wordfence Threat Intelligence Team responsibly disclosed its findings to the WordPress Download Manager team at the beginning of May and the plugin's developer released a patched version of the plugin the following day.

Still if you're a WordPress site owner that uses the plugin, it is highly recommended that you update to the latest version immediately to avoid falling victim to any attacks exploiting these two now patched vulnerabilities.



from TechRadar - All the latest technology news https://ift.tt/3BZwwcR
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Patch this WordPress plugin bug, thousands of site owners warned
Patch this WordPress plugin bug, thousands of site owners warned
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/07/patch-this-wordpress-plugin-bug.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/07/patch-this-wordpress-plugin-bug.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy