A critical vulnerability in the WordPress plugin known as ThemeREX
The plugin is currently installed on tens of thousands of websites and according to the security firm Wordfence the vulnerability has been actively exploited in the wild as a zero-day.
The plugin, which is installed on approximately 44,000 sites, is used to apply various “skins” that govern the look and feel of web destinations, including theme-enhancing features and widgets.
“On February 18th, we were alerted to a vulnerability present in ThemeREX
Experts discovered that the vulnerability resides in the ~/includes/plugin
When the API interacts with Gutenberg, the
“There were no capability checks on this endpoint that would block users that were not administrators or currently signed in, so any user had the ability to call the endpoint regardless of capability. In addition, there was no nonce check to verify the authenticity of the source.” continues the analysis. “Access control and cross-site request forgery (CSRF) protection aside, the core of the problem was within the functionality of the code itself.”
Experts also noticed in the code the presence of a
“There were no restrictions on the PHP functions that could be used or the parameters that were provided as input. Instead, we see a simple if (function_exists
An attacker could exploit several WordPress functions, such as the “wp_insert_user” function, to create administrative user accounts and take control of sites using the vulnerable plugin.
Developers of the ThemeREX have addressed the vulnerability by removing the ~/plugin
“This flaw has been patched in all ThemeREX themes that were running vulnerable versions of this plugin and we recommend that users update to the latest version available immediately.” concludes the advisory.
Unfortunately, the number of attacks attempting to exploit vulnerabilities in WordPress plugins continues to increase. A couple of weeks
I believe it is very important to protect WordPress install with dedicated solutions, I’m currently using WordFence solution, the company provided with a license to evaluate the premium features.
|[adrotate banner=”9″]||[adrotate banner=”12″]|