WordPress Patches 3-Year-Old High-Severity RCE Bug

  • Tom
  • published date: 2020-10-30 16:56:00 UTC

In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software.

<div class="c-article__content js-reading-content"> <p>WordPress released a 5.5.2 update to its ubiquitous web publishing software platform. The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack.</p> <p>In all, the <a href="" target="_blank" rel="noopener noreferrer">WordPress Security and Maintenance Release</a> tackled 10 security bugs and also brought a bevy of feature enhancements to the platform. WordPress said the update was a “short-cycle security and maintenance release” before the next major release version 5.6. With the update, all versions since WordPress 3.7 will also be current.</p> <p>Of the ten security bugs patched by WordPress a standout flaw, rated high-severity, could be exploited to allow an unauthenticated attacker to execute remote code on systems hosting the vulnerable website.<br> <a href=""><img loading="lazy" class="aligncenter wp-image-141989 size-full" src="" alt="" width="700" height="50"></a></p> <p>“The vulnerability allows a remote attacker to compromise the affected website,” WordPress wrote in its bulletin posted Friday. “The vulnerability exists due to improper management of internal resources within the application, which can turn a denial of service attack into a remote code execution issue.”</p> <p>The researcher who found the bug, Omar Ganiev, founder of DeteAct, told Threatpost that the vulnerability’s impact may be high, but the probability an adversary could reproduce the attack in the wild is low.</p> <p>“The attack vector is pretty interesting, but very hard to reproduce. And even when the right conditions exist, you have to be able to produce a very accurate DoS attack,” he told Threatpost via a chat-based interview.</p> <p>“The principle is to trigger the DoS on the MySQL so that WordPress will think that it’s not installed and then un-DoS on the DB under the same execution thread,” Ganiev said. The bug was found by Ganiev three years ago, however he only reported it to WordPress on July 2019. The delay, he said, was to research different types of proof-of-concept exploits.</p> <p>Neither WordPress or Ganiev believe the vulnerability has been exploited in the wild.</p> <p>Four bugs rated “medium risk” by WordPress were also patched. All of the flaws affected WordPress versions 5.5.1 and earlier. Three of the four vulnerabilities – a cross-site scripting flaw, improper access control bug and a cross-site request forgery vulnerability – can each be exploited by a “non-authenticated user via the internet.”</p> <p>The fourth medium-severity bug, a security restriction bypass vulnerability, can be triggered only by a remote authenticated user.</p> <p>Of the medium-severity bugs the cross-site scripting flaw is potentially the most dangerous. A successful attack lets a remote attacker steal sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks, according to WordPress. Because of insufficient WordPress data sanitization of user-supplied data to an affected website, the security release said a remote attacker “can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website.”</p> <p><strong>Hackers Put Bullseye on Healthcare: <a href=";utm_medium=ART&amp;utm_campaign=Nov_webinar" target="_blank" rel="noopener noreferrer">On Nov. 18 at 2 p.m. EDT</a> find out why hospitals are getting hammered by ransomware attacks in 2020. <a href=";utm_medium=ART&amp;utm_campaign=Nov_webinar" target="_blank" rel="noopener noreferrer">Save your spot for this FREE webinar</a> on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this <a href=";utm_medium=ART&amp;utm_campaign=Nov_webinar" target="_blank" rel="noopener noreferrer">LIVE</a>, limited-engagement webinar.</strong></p> <footer class="c-article__footer"> <div class="c-article__footer__container"> <div class="c-article__footer__col"> <a href="#discussion" class="c-button c-button--secondary">Write a comment</a> </div> <div class="c-article__footer__col"> <div class="c-article__sharing"> <p><strong>Share this article:</strong></p> <nav class="c-nav-sharing"> <div class="social-likes social-likes_notext" data-title="WordPress Patches 3-Year-Old High-Severity RCE Bug" data-url="" data-counters="yes" data-zeroes="yes"><div class="facebook" title="Share via Facebook"></div> <div class="twitter" title="Share via Twitter"></div><div class="linkedin" title="Share via LinkedIn"></div> <div class="reddit" title="Share via Reddit"></div> <div class="flipboard" title="Share via Flipboard"></div> </div> </nav> </div> </div> </div> <div class="c-article__footer__container"> <div class="c-article__footer__col"></div> <div class="c-article__footer__col"> <ul class="c-list-categories"> <li><a class="c-label c-label--secondary-transparent" href="">Vulnerabilities</a></li> <li><a class="c-label c-label--secondary-transparent" href="">Web Security</a></li> </ul> </div> </div> </footer> </div>