
2 Vulnerabilities in Squirrly SEO plugin 6.1.4 and older

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 11, 2016 by Dan Moen

Today the Squirrly SEO team released version 6.1.5 of their WordPress plugin, fixing two security vulnerabilities. The plugin has over 20,000 active users according to wordpress.org. Panagiotis Vagenas, Security Analyst here at Wordfence, discovered the vulnerabilities. Details were shared with the author and firewall rules were added to the Wordfence Threat Defense Feed on Friday. The path traversal and privilege escalation vulnerabilities impact versions 6.1.4 and older.

Vulnerability 1: Privilege Escalation

CVSS Severity: 8.8 (High)

This vulnerability allows an attacker to modify plugin settings on a site with registration enabled. On a stand-alone basis the value to an attacker is relatively low, enabling them to do things like add or change the site favicon, upload featured images for posts or retrieve SEO settings for a post. As you’ll see below, the real danger with this vulnerability is when it is used in conjunction with another.

Vulnerability 2: Path Traversal

CVSS Severity: 8.1 (High)

This vulnerability allows an attacker to download any file from a WordPress server, including the wp-config.php file. That file includes database credentials for the website and other information that could potentially enable an attacker to gain full control of the site. In order to exploit this vulnerability there are two conditions that must be met: a specific plugin parameter must be set to a specific value and a favicon must be present. We have no way of estimating the percentage of websites running the Squirrly SEO plugin that meet these criteria. However, it could be used in conjunction with vulnerability 1 above or any other privilege escalation vulnerability to significantly increase an attacker’s success rate.

Both free and Premium Wordfence users with the firewall enabled have been protected from this vulnerability since the new Firewall and Threat Defense Feed were released in April.

What to do

Premium Wordfence customers that have the firewall enabled are protected by the firewall rule that was added to the Threat Defense Feed on Friday, July 8th. Free Wordfence users running the Squirrly SEO plugin should upgrade to version 6.1.5 immediately, and will receive a rule to protect against vulnerability 1 on August 7th.
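
To check which installs still need the upgrade, the following added example (not code from Wordfence or Squirrly) reads the standard WordPress `Version:` header from a plugin's main PHP file and flags 6.1.4 and older. The path to the plugin's main file is passed as an argument because this post does not name it, and the sample header is constructed.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (6, 1, 4)  # per the advisory: 6.1.4 and older are affected

# Constructed sample header, not copied from the real plugin.
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: Example SEO Plugin (constructed)
 * Version: 6.1.4
 */
"""

def header_version(php_source):
    """Return the Version field of a WordPress plugin header, or None."""
    # WordPress only scans the first 8 KB of the main file for header fields.
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", php_source[:8192], re.M | re.I)
    return m.group(1) if m else None

def version_tuple(version):
    """'6.1.10' -> (6, 1, 10); parsing stops at the first non-numeric part."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)

def is_affected(version):
    """True for 6.1.4 and older. Compares numerically, so 6.1.10 > 6.1.4."""
    v = version_tuple(version)
    if not v:
        raise ValueError(f"unparseable version: {version!r}")
    v += (0,) * (len(LAST_AFFECTED) - len(v))  # treat '6.1' as 6.1.0
    return v <= LAST_AFFECTED

def audit(path):
    """Classify one plugin main file as 'affected', 'ok' or 'unknown'."""
    version = header_version(Path(path).read_text(errors="replace"))
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "ok"

if __name__ == "__main__":
    for plugin_file in sys.argv[1:]:
        print(f"{plugin_file}: {audit(plugin_file)}")
```

Run it with one or more plugin main-file paths as arguments; "unknown" means no `Version:` header was found and the install should be checked by hand.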


2 Comments on "2 Vulnerabilities in Squirrly SEO plugin 6.1.4 and older"

Calin Vingan July 12, 2016 at 2:08 am • Reply

Hey,

Hey, I read the article and you didn't specify that those were between the logged-in users. Squirrly only allows logged-in users with Contributor rights and above to use the features.

It's good to have the last version because we also add many new features in Squirrly SEO.

Please edit the article so that people don't get confused.

Thank you,
Calin

mark July 12, 2016 at 8:20 am • Reply

Hi Calin,

We've reverified that one of these vulnerabilities is completely unauthenticated and the other requires only subscriber level access.

We're emailing you privately as a follow-up.

Regards,

Mark.
