WordPress Vulnerability & Patch Roundup November 2022
2022-11-30 04:14:57 Author: blog.sucuri.net(查看原文) 阅读量:36 收藏

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected. If you don’t have it installed yet, you can use our web application firewall to protect against known vulnerabilities.


All-In-One Security (AIOS) — Multiple Cross-Site Request Forgery (CSRF)

Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Cross-Site Request Forgery (CSRF)
CVE: CVE-2022-44737
Number of Installations: 1,000,000+
Affected Software: All-In-One Security <= 5.1.0
Patched Versions: All-In-One Security 5.1.1

Mitigation steps: Update to All-In-One Security (AIOS) plugin version 5.1.1 or greater.


Popup Maker — Authenticated Stored Cross-Site Scripting (XSS)

Security Risk: Low
Exploitation Level: Requires authenticated admin or other high privilege user.
Vulnerability: Cross-Site Scripting (XSS)
CVE: CVE-2022-3690
Number of Installations: 700,000+
Affected Software: Popup Maker <= 1.16.10
Patched Versions: Popup Maker 1.16.11

Some popup options are not properly sanitized and escaped by the plugin, potentially allowing admins and other high privilege users to perform stored cross-site scripting attacks.

Mitigation steps: Update to Popup Maker plugin version 1.16.11 or greater.


Broken Link Checker — Authenticated Cross-Site Scripting

Security Risk: Low
Exploitation Level: Requires authenticated admin or other high privilege user.
Vulnerability: Cross-Site Scripting (XSS)
CVE: CVE-2022-3922
Number of Installations: 700,000+
Affected Software: Broken Link Checker <= 1.11.19
Patched Versions: Broken Link Checker 1.11.20

Some settings are not properly sanitized and escaped by the plugin, potentially allowing high privilege users to perform stored cross-site scripting attacks.

Mitigation steps: Update to Broken Link Checker plugin version 1.11.20 or greater.


Contact Form 7 Database Addon — CSV Injection

Security Risk: Low
Exploitation Level: Requires user authentication with export capabilities.
Vulnerability: Injection
CVE: CVE-2022-3634
Number of Installations: 500,000+
Affected Software: Contact Form 7 Database Addon <= 1.2.6.3
Patched Versions: Contact Form 7 Database Addon 1.2.6.5

Data is not validated by the plugin when outputting it back into a CSV file, potentially leading to CSV injections.

Mitigation steps: Update to Contact Form 7 Database Addon plugin version 1.2.6.5 or greater.


Checkout Field Editor for WooCommerce — PHP Object Injection

Security Risk: Medium
Exploitation Level: Requires Admin or other high privilege role authentication.
Vulnerability: Injection
CVE: CVE-2022-3490
Number of Installations: 400,000+
Affected Software: Checkout Field Editor for WooCommerce <= 1.7.2
Patched Versions: Checkout Field Editor for WooCommerce 1.8.0

Mitigation steps: Update to Checkout Field Editor for WooCommerce plugin version 1.8.0 or greater.


Plugin for Google Reviews — Broken Access Control

Security Risk: Medium
Exploitation Level: Requires subscriber or higher authentication.
Vulnerability: Broken Access Control
CVE: CVE-2022-45369
Number of Installations: 100,000+
Affected Software: Plugin for Google Reviews <= 2.2.2
Patched Versions: Plugin for Google Reviews 2.2.4

Mitigation steps: Update to Plugin for Google Reviews plugin version 2.2.4 or greater.


Chaty — SQLi

Security Risk: Medium
Exploitation Level: Requires admin or other high privilege user authentication.
Vulnerability: Injection
CVE: CVE-2022-3858
Number of Installations: 100,000+
Affected Software: Chaty
Patched Versions: Chaty 3.0.3

A parameter is not properly escaped and sanitized prior to use in SQL statements, potentially leading to SQL injections.

Mitigation steps: Update to Chaty plugin version 3.0.3 or greater.


Web Stories — Server-Side Request Forgery (SSRF)

Security Risk: High
Exploitation Level: Requires subscriber or higher authentication.
Vulnerability: Injection
CVE: CVE-2022-3708
Number of Installations: 100,000+
Affected Software: Web Stories <= 1.24.0
Patched Versions: Web Stories 1.25.0

Insufficient validation of URLs by the plugin makes it possible for authenticated users to make requests, query, and modify information.

Mitigation steps: Update to Web Stories plugin version 1.25.0 or greater.


Crowdsignal Dashboard — Privilege Escalation

Security Risk: Medium
Exploitation Level: Requires contributor or higher authentication.
Vulnerability: Privilege Escalation
CVE: CVE-2022-45069
Number of Installations: 90,000+
Affected Software: Crowdsignal Dashboard <= 3.0.9
Patched Versions: Crowdsignal Dashboard 3.1.10

A missing permissions check makes it possible for contributors and higher to access and change sitewide rating settings.

Mitigation steps: Update to Crowdsignal Dashboard plugin version 3.0.10 or greater.


Blog2Social — Missing Authorization

Security Risk: Medium
Exploitation Level: Requires subscriber or other high authentication role.
Vulnerability: Broken Access Control
CVE: CVE-2022-3622
Number of Installations: 70,000+
Affected Software: Blog2Social <= 6.9.11
Patched Versions: Blog2Social 6.9.12

A missing authorization check can potentially allow authenticated attackers to change plugin settings.

Mitigation steps: Update to Blog2Social plugin version 6.9.12 or greater.


Advanced Import — Arbitrary Plugin Installation & Activation via CSRF

Security Risk: Medium
Exploitation Level: Requires admin or other high privilege role authentication.
Vulnerability: Broken Authentication and Session Management
CVE: CVE-2022-3677
Number of Installations: 70,000+
Affected Software: Advanced Import <= 1.3.7
Patched Versions: Advanced Import 1.3.8

A CSRF check is not performed when installing and activating plugins, potentially allowing an authenticated admin attacker to install and activate arbitrary plugins.

Mitigation steps: Update to Advanced Import plugin version 1.3.8 or greater.


Permalink Manager Lite — Settings Update via CSRF

Security Risk: Medium

Exploitation Level: No authentication required.
Vulnerability: Broken Authentication and Session Management
CVE: CVE-2022-4021
Number of Installations: 60,000+
Affected Software: Permalink Manager Lite <= 2.2.20.1
Patched Versions: Permalink Manager Lite 2.2.20.2

A CSRF check is not in place when plugin settings are updated, potentially allowing an attacker to change them via CSRF.

Mitigation steps: Update to Permalink Manager Lite plugin version 2.2.20.2 or greater.


WP Admin UI Customize — Stored Cross-Site Scripting (XSS)

Security Risk: Low
Exploitation Level: Requires admin or other high privilege authentication.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-3824
Number of Installations: 40,000+
Affected Software: WP Admin UI Customize <= 1.5.12
Patched Versions: WP Admin UI Customize 1.5.13

Settings are not properly escaped and sanitized by the plugin, potentially allowing an attacker with high privilege authentication to perform stored cross-site scripting attacks.

Mitigation steps: Update to WP Admin UI Customize plugin version 1.5.13 or greater.


Beautiful Cookie Consent Banner — Stored Cross-Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires admin or other high privilege user authentication.
Vulnerability: Cross-Site Scripting
CVE: CVE-2022-3823
Number of Installations: 40,000+
Affected Software: Beautiful Cookie Consent Banner <= 2.9.0
Patched Versions: Beautiful Cookie Consent Banner 2.9.1

Settings are not properly escaped and sanitized, potentially allowing an attacker with high privilege authentication to perform a stored cross-site scripting attack.

Mitigation steps: Update to Beautiful Cookie Consent Banner plugin version 2.9.1 or greater.


Easy Video Player — Stored Cross-Site Scripting (XSS)

Security Risk: Medium
Exploitation Level: Requires contributor or higher level authentication.
Vulnerability: Cross-site Scripting (XSS)
CVE: CVE-2022-3937
Number of Installations: 40,000+
Affected Software: Easy Video Player <= 1.2.2.2
Patched Versions: Easy Video Player 1.2.2.3

Parameters are not properly escaped and sanitized by the plugin, potentially allowing contributor users or higher to perform cross-site scripting attacks.

Mitigation steps: Update to Easy Video Player plugin version 1.2.2.3 or greater.

Users who are not able to update their software with the latest version are encouraged to use a web application firewall to virtually patch these vulnerabilities and protect their website.

文章来源: https://blog.sucuri.net/2022/11/wordpress-vulnerability-patch-roundup-november-2022.html
如有侵权请联系:admin#unsafe.sh