WordPress Vulnerabilities & Patch Roundup — July 2022
2022-7-29 23:40:57 Author: blog.sucuri.net(查看原文) 阅读量:49 收藏

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.


Youzify – Unauthenticated SQLi

Security Risk: Critical
Vulnerability: SQL Injection
Exploitation Level: Can be exploited remotely without authentication.
CVE: CVE-2022-1950
Number of Installations: 8,000+
Affected Software: Youzify <= 1.1.9
Patched Versions: Youzify 1.2.0

This vulnerability leverages improperly sanitized and escaped parameters prior to use in a SQL statement via AJAX action. Unauthenticated attackers are able to leverage this vulnerability for SQL injection.

Mitigation steps: Update to Youzify plugin version 1.2.0 or greater.


CAPTCHA 4WP – Local File Inclusion via CSRF

Security Risk: High
Vulnerability: Broken Access Control
Exploitation Level: Hard
CVE: CVE-2022-2184
Number of Installations: 200,000+
Affected Software: CAPTCHA 4WP <= 7.0.6.1
Patched Versions: CAPTCHA 4WP 7.1.0

User input is able to reach the sensitive require_once call in a template found on the admin side of the plugin, allowing an attacker to run arbitrary code on the server via cross-site request forgery attack.

Mitigation steps: Update to CAPTCHA 4WP plugin version 7.1.0 or greater.


OAuth Single Sign On – Broken Authentication

Security Risk:  High
Vulnerability: Broken Authentication and Session Management
Exploitation Level: Can be exploited remotely without any authentication.
CVE: CVE-2022-2133 
Number of Installations: 3,000+
Affected Software: OAuth Single Sign On <= 6.22.5
Patched Versions: OAuth Single Sign On 6.22.6

Access token requests aren’t validated to ensure they are legitimate, allowing an attacker to log onto the website using a user’s email address.

Mitigation steps: Update to OAuth Single Sign On plugin version 6.22.6 or greater.


Visualizer: Tables and Charts Manager for WordPress – Contributor+ PHAR Deserialization

Security Risk: High
Vulnerability: Insecure Deserialization
Exploitation Level: Requires contributor or higher role user authentication.
CVE: CVE-2022-2256
Number of Installations: 40,000+
Affected Software: Visualizer: Tables and Charts Manager for WordPress <= 3.7.9
Patched Versions: Visualizer: Tables and Charts Manager for WordPress 3.7.10

The remote_data parameter is not validated which allows contributors roles and higher to call files using a PHAR wrapper. This technique deserializes data, allowing the attacker to call arbitrary PHP objects when a POP (Property Oriented Programming) chain is present.

Mitigation steps: Update the Visualizer: Tables and Charts Manager for WordPress plugin to version 3.7.10 or greater.


Name Directory – Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: Broken Access Control
Exploitation Level: Minor
CVE: CVE-2022-2072
Number of Installations: 3,000+
Affected Software: Name Directory <= 1.25.
Patched Versions: Name Directory 1.25.5

A parameter is not sanitized and escaped before outputting it back in the page, which can lead to reflected cross-site scripting attacks. The payload can also be saved in the database after the request, which can lead to stored cross-site scripting.

Mitigation steps: Update to Name Directory plugin version 1.25.5 or greater.


Simple Membership – Unauthenticated Membership Privilege Escalation

Security Risk: Medium
Vulnerability: Broken Authentication & Session Management
Exploitation Level: Unauthenticated - Anyone can exploit it trivially
CVE: CVE-2022-2317
Number of Installations: 50,000+
Affected Software: Simple Membership <= 4.1.2
Patched Versions: Simple Membership 4.1.3

Insufficient checks of a user-supplied parameter allow a user to change their plugin membership during registration. Does not impact WordPress role.

Mitigation steps: Update to Simple Membership plugin version 4.1.3 or greater.


User Private Files – Subscriber+ Arbitrary File Upload

Security Risk: Critical
Vulnerability: Injection
Exploitation Level: Requires subscriber or higher role user authentication.
CVE: CVE-2022-2356
Number of Installations: 400+
Affected Software: User Private Files <= 1.1.2
Patched Versions: User Private Files 1.1.3

File extensions are not filtered by the plugin when users upload files to the server, allowing malicious code to be uploaded to the environment.

Mitigation steps: Update to User Private Files plugin version 1.1.3 or greater.


Advanced WordPress Reset – Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: Cross Site Scripting (XSS)
Exploitation Level: Medium - requires admin to visit a link.
CVE: CVE-2022-2181
Number of Installations: 40,000+
Affected Software: Simple Membership <= 1.5
Patched Versions: Simple Membership 1.6

Some generated URLs are not escaped before outputting them back into href attributes on Admin dashboard pages, making it possible for attackers to launch reflected cross-site scripting attacks.

Mitigation steps: Update Simple Membership plugin to version 1.6 or greater.


YOP Poll – IP Spoofing

Security Risk: Medium
Vulnerability: Broken Access Control
Exploitation Level: Trivial, but also very little impact (poll manipulation).
CVE: CVE-2022-1600
Number of Installations: 20,000+
Affected Software: YOP Poll <= 6.4.2
Patched Versions: YOP Poll 6.4.3

Visitor IP is obtained in priority order from certain HTTP headers instead of REMOTE_ADDR, making it possible in certain situations for a bad actor to bypass IP-based limitations to vote.

Mitigation steps: Update to YOP Poll plugin version 6.4.3 or greater.


Header Footer Code Manager – Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: Cross-Site Scripting (XSS)
Exploitation Level: Medium
CVE: CVE-2022-0899
Number of Installations: 300,000+
Affected Software: Header Footer Code Manager <= 1.1.23
Patched Versions: Header Footer Code Manager 1.1.24

Generated URLS are not escaped before outputting them back in admin page attributes, which can lead to reflected cross-site scripting attacks.

Mitigation steps: Update to Header Footer Code Manager plugin version 1.1.24 or greater.


Unyson – Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: Cross-Site Scripting
Exploitation Level: Medium
CVE: CVE-2022-2219
Number of Installations: 200,000+
Affected Software: Unyson <= 2.7.26
Patched Versions: Unyson 2.7.27

A parameter is not sanitized and escaped before outputting it back on the page, which can lead to a reflected cross-site scripting attack.

Mitigation steps: Update to Unyson plugin version 2.7.27 or greater.


WordPress Popular Posts – Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: Cross-Site Scripting
Exploitation Level: Medium
CWE: CWE-79
Number of Installations: 200,000+
Affected Software: WordPress Popular Posts <= 5.5.1
Patched Versions:  WordPress Popular Posts 6.0.0

Mitigation steps: Update to WordPress Popular Posts plugin version 6.0.0 or greater.


WPDating – Multiple SQL Injection Issues

Security Risk: High 
Vulnerability: Injection
CVE: CVE-2022-2460
Affected Software: WPDating <= 7.1.9
Patched Versions: N/A

User input is not properly escaped before concatenating it to SQL queries, which can lead to multiple different types of SQL injection vulnerabilities.

Mitigation steps: No known fix. Uninstall plugin until patch is available.


Users who are not able to update their software with the latest version are encouraged to use a web application firewall to virtually patch these vulnerabilities and protect their website.

文章来源: https://blog.sucuri.net/2022/07/wordpress-vulnerabilities-patch-roundup-july-2022.html
如有侵权请联系:admin#unsafe.sh