WordPress plugin security audit unearths dozens of vulnerabilities impacting 60,000 websites

A researcher at security firm Cyllective has unearthed vulnerabilities in dozens of WordPress plugins, affecting tens of thousands of installations.

Dave Miller, who leads Cyllective’s penetration testing team, says they started out testing randomly selected plugins, quickly finding an unauthenticated SQL injection vulnerability.

They also found a series of local file inclusion and remote code execution (RCE) vulnerabilities. However, because these issues were in severely outdated plugins, the team decided to concentrate on plugins that had received updates in the last two years, around 5,000 in total.

Exposed endpoints

Looking specifically for unauthenticated SQL injection, the researcher used a system of tags to flag plugins showing interaction with the WordPress database; string interpolation in SQL-like strings; sanitization measures (or attempts at them); and exposure of unauthenticated endpoints.
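The tag-based triage described above, as an added Python example that is not Cyllective's tooling: it scans PHP plugin source for the four signals (database interaction via $wpdb, string interpolation in SQL-like strings, sanitization calls, and unauthenticated exposure such as wp_ajax_nopriv_ hooks or REST routes whose permission_callback is __return_true) and ranks plugins for manual review. The regular expressions and the priority rule are assumed heuristics, not the researcher's rules, and every plugin snippet is constructed for this example, including the vulnerable lookup handler and its $wpdb->prepare() based fix.

```python
"""Tag WordPress plugin source for unauthenticated SQL injection candidates.

Added example, not the researcher's tooling. Patterns are heuristics chosen
for illustration; the plugin snippets below are constructed, not real plugins.
"""
import re

# Heuristic signals (assumed for this example).
SIGNALS = {
    # Plugin talks to the database through the global $wpdb object.
    "db": re.compile(r"\$wpdb\s*->\s*(?:query|get_results|get_var|get_row|get_col)\s*\("),
    # SQL verb string with a PHP variable interpolated ("... = $id") or
    # concatenated ("... " . $table). $wpdb->prefix is excluded: the table
    # prefix is not attacker-controlled, and flagging it would drown the signal.
    "interp": re.compile(
        r'''"\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^"]*\$(?!wpdb\b)\w+'''
        r'''|["']\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^"']*["']\s*\.\s*\$\w+''',
        re.IGNORECASE,
    ),
    # Parameterisation or input coercion somewhere in the file.
    "sanitize": re.compile(r"\$wpdb\s*->\s*prepare\s*\(|\b(?:esc_sql|absint|intval|sanitize_\w+)\s*\("),
    # Reachable without a session: nopriv AJAX hook or a REST route open to all.
    "unauth": re.compile(
        r'''add_action\s*\(\s*["']wp_ajax_nopriv_\w+["']'''
        r'''|["']permission_callback["']\s*=>\s*["']__return_true["']'''
    ),
}

PRIORITY_RANK = {"high": 0, "review": 1, "low": 2}

# Constructed sample plugins (not real code from any plugin).
SAMPLE_PLUGINS = {
    # Unauthenticated AJAX handler, raw $_GET value interpolated into SQL.
    "demo-lookup-vulnerable": r'''<?php
add_action( 'wp_ajax_nopriv_demo_lookup', 'demo_lookup' );
function demo_lookup() {
    global $wpdb;
    $id = $_GET['id'];
    $rows = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}demo WHERE id = $id" );
    wp_send_json( $rows );
}''',
    # Same endpoint, value cast with absint() and query parameterised with prepare().
    "demo-lookup-hardened": r'''<?php
add_action( 'wp_ajax_nopriv_demo_lookup', 'demo_lookup' );
function demo_lookup() {
    global $wpdb;
    $id = absint( $_GET['id'] );
    $rows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}demo WHERE id = %d", $id ) );
    wp_send_json( $rows );
}''',
    # REST route open to everyone, table name concatenated from request data.
    "demo-count-rest": r'''<?php
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/count', array(
        'methods'             => 'POST',
        'callback'            => 'demo_count',
        'permission_callback' => '__return_true',
    ) );
} );
function demo_count( $request ) {
    global $wpdb;
    $table = $request['table'];
    return $wpdb->get_var( "SELECT COUNT(*) FROM " . $table . " WHERE status = 1" );
}''',
    # Interpolation, but only behind an admin capability check: not unauthenticated.
    "demo-admin-only": r'''<?php
add_action( 'wp_ajax_demo_purge', 'demo_purge' );
function demo_purge() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) { wp_die(); }
    $days = $_POST['days'];
    $wpdb->query( "DELETE FROM {$wpdb->prefix}demo WHERE created < NOW() - INTERVAL $days DAY" );
}''',
}


def tag_plugin(source):
    """Return the set of signal names whose pattern occurs in the PHP source."""
    return {name for name, pattern in SIGNALS.items() if pattern.search(source)}


def prioritise(tags):
    """Unauthenticated DB code with interpolation and no sanitisation goes first."""
    if {"db", "unauth", "interp"} <= tags and "sanitize" not in tags:
        return "high"
    if {"db", "unauth"} <= tags:
        return "review"   # reachable DB code, but nothing obviously unsafe
    return "low"


def triage(plugins):
    """Tag every plugin and return (name, priority, sorted tags), best candidates first."""
    ranked = [(name, prioritise(tag_plugin(src)), sorted(tag_plugin(src)))
              for name, src in plugins.items()]
    ranked.sort(key=lambda r: (PRIORITY_RANK[r[1]], r[0]))
    return ranked


if __name__ == "__main__":
    for name, priority, tags in triage(SAMPLE_PLUGINS):
        print(f"{priority:6}  {name:24}  {' '.join(tags)}")
```

The point of the ranking is to spend manual review time where all four conditions line up: the admin-only plugin carries the same sloppy interpolation as the vulnerable one but lands at the bottom because it is not reachable without a session, while the hardened variant stays in the "review" bucket because a regex cannot prove that every query in a file is parameterised.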

After three months of research, Miller says, the total stood at 35 vulnerabilities, all of which could be exploited by unauthenticated attackers, across around 60,500 instances running the affected WordPress plugins.

For Further Reference

https://portswigger.net/daily-swig/wordpress-plugin-security-audit-unearths-dozens-of-vulnerabilities-impacting-60-000-websites


More articles from Cyber Castrum LLP
