3 Plugin Vulnerabilities Disclosed Yesterday
This entry was posted in Vulnerabilities, WordPress Security on May 24, 2016 by Dan Moen 26 Replies
We disclosed three plugin vulnerabilities yesterday that we’d like to bring to your attention to.
Local File Inclusion Vulnerability Severity 4.2 (Medium) and Unauthorized Options Update Vulnerability Severity 4.4 (Medium) in WP Fastest Cache
Wordfence Security Researcher Panagiotis Vagenas discovered both of these vulnerabilities in the WP Fastest Cache plugin which we reported to the author yesterday. The Local File Inclusion vulnerability allows an attacker to execute code on the target web server or on a site visitor’s browser. This enables the attacker to steal or manipulate data, perform a denial of service attack or enable additional attack types such as Cross Site Scripting. Wordfence Firewall provided protection against this type of attack prior to discovery.
The Options Update vulnerability allows an attacker to access and make changes to the CDN (Content Delivery Network) options for the website. With this control an attacker can direct all requests for css files, images, videos, etc. to their site, allowing them to serve malicious content to visitors of the vulnerable site.
Local File Inclusion CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Options Update CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
What to do
If you are running the Premium version of Wordfence and have the firewall enabled you are already protected because we added protection for both vulnerabilities yesterday.
Free Wordfence users running this plugin should update the vulnerable plugin immediately. Paid Wordfence users who have the firewall disabled should also update the vulnerable plugin immediately. The author released a fix within an hour of our notifying him of this vulnerability.
Sensitive Data Exposure Vulnerability Severity 4.3 (Medium) in Caldera Forms
Wordfence Security Researcher Panagiotis Vagenas also discovered this vulnerability, which we reported to the Caldera Forms author yesterday. This vulnerability allows an attacker to gain access to potentially sensitive data that has been captured by a Caldera Form.
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
What to do
If you are running the Premium version of Wordfence and have the firewall enabled you are already protected, we added a firewall rule yesterday. Free users of Wordfence and paid users who have the Wordfence firewall disabled who are running this plugin should update to the most recent version immediately. The author released a fix within hours of discovery and published a blog post about it this morning.