Exploits for Vulnerabilities in Three Popular WordPress Plugins Appeared on the Network


Three popular WordPress plugins, with tens of thousands of active installations between them, turned out to have critical SQL injection vulnerabilities. In addition, PoC exploits for these bugs are now publicly available.

The vulnerabilities were discovered by Tenable, which notified the plugin developers about them back in mid-December 2022 and provided proof-of-concept exploits. The plugin authors have since released patches for the problems, so the researchers have now disclosed the technical details of the bugs.

Let me remind you that we also wrote that GoTrim Malware Hacks WordPress Sites, and also that Ukraine Was Hit by DDoS Attacks from Hacked WordPress Sites.

Information security specialists also informed that Hackers Scanned 1.6 Million WordPress Sites Looking for a Vulnerable Plugin.

The first plugin vulnerable to SQL injection is Paid Memberships Pro, a membership and subscription management plugin used by over 100,000 sites.

"The plugin does not escape the code parameter in the /pmpro/v1/order REST path before being used in a SQL statement, resulting in a vulnerability to unauthenticated SQL injection," the researchers write.

The vulnerability is being tracked as CVE-2023-23488 (CVSS score 9.8, i.e. critical) and affects all plugin versions older than 2.9.8. The issue has been fixed with the release of version 2.9.8.

The second vulnerable plugin is Easy Digital Downloads, an e-commerce and digital file selling plugin with over 50,000 active installations.

"The plugin does not escape the s parameter in edd_download_search before being used in a SQL statement, which leads to a vulnerability to unauthenticated SQL injection," Tenable explains.

The vulnerability is being tracked as CVE-2023-23489 (also 9.8 on the CVSS scale) and affects all versions of the plugin released before January 5, 2023.
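Both advisories above describe the same bug class: a request parameter that reaches a SQL statement without being escaped or bound. The following is an added illustration, not code from Paid Memberships Pro, Easy Digital Downloads or any other plugin named here; the route, table and column names are hypothetical. It shows a REST handler written the vulnerable way next to the hardened form that uses $wpdb->prepare() and argument validation.

```php
<?php
// Added illustration, not code from any plugin named on this page.
// Route, table and column names are hypothetical; the bug class is the one the
// advisories describe: a request parameter interpolated into SQL without escaping.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/order', array(
        'methods'             => 'GET',
        'callback'            => 'example_get_order_hardened',
        'permission_callback' => '__return_true', // public endpoint, so treat input as hostile
        'args'                => array(
            'code' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
                'validate_callback' => function ( $value ) {
                    // Order codes in this hypothetical schema are short alphanumerics.
                    return is_string( $value ) && preg_match( '/^[A-Za-z0-9]{1,32}$/', $value ) === 1;
                },
            ),
        ),
    ) );
} );

// VULNERABLE pattern: the raw parameter becomes part of the SQL text, so a crafted
// value can change the structure of the query, not just the compared value.
function example_get_order_vulnerable( WP_REST_Request $request ) {
    global $wpdb;
    $code = $request->get_param( 'code' );
    $sql  = "SELECT id, total FROM {$wpdb->prefix}example_orders WHERE code = '$code'";
    return rest_ensure_response( $wpdb->get_row( $sql, ARRAY_A ) );
}

// HARDENED pattern: $wpdb->prepare() binds the value through a %s placeholder, so the
// parameter is always data and never SQL. Input validation above narrows it further.
function example_get_order_hardened( WP_REST_Request $request ) {
    global $wpdb;
    $code = $request->get_param( 'code' );
    $row  = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT id, total FROM {$wpdb->prefix}example_orders WHERE code = %s",
            $code
        ),
        ARRAY_A
    );
    if ( null === $row ) {
        return new WP_Error( 'not_found', 'No such order', array( 'status' => 404 ) );
    }
    return rest_ensure_response( $row );
}
```

When auditing a plugin for this class of issue, search for $wpdb->query(), get_row(), get_results() and get_var() calls whose SQL string is built with interpolation or concatenation rather than passed through $wpdb->prepare().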

Tenable also discovered CVE-2023-23490 in the Survey Marker plugin, used by 3,000 survey sites. The vulnerability received a CVSS score of 8.8, since an attacker must be authenticated (at least as a subscriber) in order to exploit the bug. Unfortunately, this condition is easily met, because many sites allow visitors to register as members.

The vulnerability in the plugin was fixed with the release of version 3.1.2 at the end of December 2022.

By Vladimir Krasnogolovy
