18 Unrestricted Access FEB 2021
WordPress Security Report
Be informed about the latest Unrestricted Access FEB 2021 – WP Security Circumvention, identified and reported publicly. These breaches create even more problems and vulnerability exploitation with a severe negative impact on any WordPress Security. Consider our FREE security AUDIT.
An estimated 2.169.000+ active WordPress installations are susceptible to these attack types, considering only the publicly available numbers. The estimated number can double with premium versions as they are private purchases.
Furthermore, the initial estimation can multiply if we consider the already patched versions BUT NOT UPDATED by owners, as the vulnerability remains active within their domain. As these owners start changing their hosting provider (due to constant unexplained issues), they actively migrate these vulnerabilities behind protected areas, possibly exposing other clean WP to different attack types.
It is a 339% increase of targeted active WordPress installations, compared to January 2022. Read more about our previous report here: 18 Unrestricted Access JAN 2021 – WP Security Circumvention. The following cases made headlines PUBLICLY just last month in the SQL Injections FEB 2021 category:
- Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Server Side Request Forgery (SSRF)
- Under Construction, Maintenance Mode or Coming Soon landing page is needed when you are working hard to launch your website. This plugin helps you to post a message to your users while you can work behind the scenes. Active installations: 2,000+
- YITH WooCommerce Gift Cards < 3.3.1 - RCE via Arbitrary File Upload
- The new version of our YITH WooCommerce Gift Card is the free and easy solution to start selling gift cards on your e-commerce. We have updated the plugin to make it even more effective, innovative and easier to use. Active installations: 8,000+
- WordPress Mega Menu – QuadMenu < 2.0.7 - Unauthenticated RCE via compiler_save
- The best responsive mega menu designed for theme developers with customizable menu layouts and megamenu drag & drop fields. Active installations: 20,000+
- WordPress Backup and Migrate Plugin – Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
- Backup Guard is the most complete WordPress backup plugin. We offer the easiest way to Backup, Restore and Migrate your WordPress website. You can backup and restore your WordPress files, database or both. Active installations: 70,000+
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure
- Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer! Active installations: 1+ million
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress < 3.4.34 - Administrator Open Redirect
- Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer! Active installations: 1+ million
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
- Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer! Active installations: 1+ million
Protect your WordPress from publicly reported cases of Unrestricted Access FEB 2021 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
- Theme Editor < 2.6 - Authenticated Arbitrary File Download
- THEME EDITOR ALLOWS YOU TO EDIT THEME FILES, CREATE FOLDER, UPLOAD FILES AND REMOVE ANY FILE AND FOLDER IN THEMES AND PLUGINS. YOU CAN EASILY CUSTOMIZE YOU THEMES AND PLUGINS DIRECTLY. Active installations: 50,000+
- Responsive Menu – Create Mobile-Friendly Menu 4.0.0 – 4.0.3 – Authenticated Arbitrary File Upload
- Highly customisable Responsive Menu Plugin for WordPress. With over 150 customisable options you get a combination of 22,500 options! No coding experience or knowledge is needed with an easy to use interface you can get it looking exactly as you want with minimal fuss. Active installations: 100,000+
- Responsive Menu – Create Mobile-Friendly Menu < 4.0.4 - CSRF to Arbitrary File Upload
- Highly customisable Responsive Menu Plugin for WordPress. With over 150 customisable options you get a combination of 22,500 options! No coding experience or knowledge is needed with an easy to use interface you can get it looking exactly as you want with minimal fuss. Active installations: 100,000+
- Map Block for Google Maps < 1.32 - Unauthorised Google API Key change
- Are you using Gutenberg and need a map? This is the map block for you! Install, active, add to content. Done! No nonsense, no unneeded settings. Simple and clear in its function – as any Gutenberg block should be. Active installations: 7,000+
- WordPress Gallery Plugin – NextGEN Gallery < 3.5.0 - CSRF allows File Upload
- NextGEN Gallery has been the industry’s standard WordPress gallery plugin since 2007 and continues to receive over 1.5 million new downloads per year. It’s easy for simple photo galleries, but powerful enough for the most demanding photographers, visual artists, and imaging professionals. Active installations: 800,000+
- Backup by Supsystic <= 2.3.9 - Authenticated Arbitrary File Download and Deletion
-
No known fix – plugin closed
-
- Paid Memberships Pro < 2.5.3 - Unauthorised Order Information Disclosure
- Paid Memberships Pro gives you all the tools you need to start, manage, and grow your membership site. The plugin is designed for premium content sites, clubs/associations, subscription products, newsletters and more. Active installations: 100,000+
- Like Button Rating ♥ LikeBtn < 2.6.32 - Unauthenticated Full-Read SSRF
- The Like Button Rating plugin allows you to add a cool looking fully customizable Like button. Active installations: 8,000+
- Ultimate GDPR & CCPA Compliance Toolkit for WordPress < 2.5 - Unauthenticated Plugin Settings Export and Import
- THE ONLY GDPR & CCPA COMPLIANCE TOOLKIT YOU NEED FOR WORDPRESS Active installations: Not public info
- Digital Publications by Supsystic < 1.6.12 - Authenticated Path Traversal
-
No known fix – plugin closed
-
- MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
- The plugin is used for config the Mstore/FluxStore mobile and support RestAPI to connect to the app. Active installations: 4,000+
CONTACT US TODAY with any reported Unrestricted Access FEB 2021 vulnerability! Do you suspect any security circumvention in your WP?
BRIEF: Open and Unrestricted Access FEB 2021 to anything within a website is one thing everybody considers to be a total disaster. Many employees have come to rely on the Internet both for work and day-to-day life. As such, they demand unrestricted access at work, and many company bosses have obliged. Without the knowledge to them, however, there may be a risk associated with this.
What is Unauthenticated Insecure Deserialisation?
Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. If the function that is responsible for converting serial data into a structured object assumes that the data is trusted, an attacker may format the serial data in such a way that the result of deserialization is malicious. Unfortunately, many standard deserialization functions in programming languages assume that the data is safe.
What is Unauthenticated Backup Download?
The plugin does not restrict access to a BACKUP file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them.
What is Unrestricted File Upload?
By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed upload-able file types on a website. By doing this, it allows an attacker to inject malicious content such as web shells into the sites, and providing a method for initial access into the system.
What is Login Rate Limiting Bypass?
When the plugin is configured with a custom header in its Trusted IP Origins setting (e.g X-Forwarded-For), attackers could bypass the protection offered by tampering the header sent in requests. When the plugin is configured to accept an arbitrary header as client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does never reach the maximum allowed retries.
What is Improper Authorisation Check?
An attacker could leverage these issues to dump the database including administrative user credentials, to steal cookie-based authentication credentials, or launch other attacks. An anonymous user may create a new dive entry with a crafted HTTP POST.
Get Healthy, Stay Healthy! A healthier online business starts today and it begins with you. Let’s solve all your vulnerabilities created from Unrestricted Access FEB 2021.
