The WordPress plugin ‘ThemeREX Addons’ is affected by a critical vulnerability that could allow remote attackers to execute arbitrary code.
A critical vulnerability in the WordPress plugin known as ThemeREX
The plugin is currently installed on tens of thousands of websites and according to the security firm Wordfence the vulnerability has been actively exploited in the wild as a zero-day.
The plugin, which is installed on approximately 44,000 sites, is used to apply various “skins” that govern the look and feel of web destinations, including theme-enhancing features and widgets.
“On February 18th, we were alerted to a vulnerability present in ThemeREX
Experts discovered that the vulnerability resides in the ~/includes/plugin
When the API interacts with Gutenberg, the
“There were no capability checks on this endpoint that would block users that were not administrators or currently signed in, so any user had the ability to call the endpoint regardless of capability. In addition, there was no nonce check to verify the authenticity of the source.” continues the analysis. “Access control and cross-site request forgery (CSRF) protection aside, the core of the problem was within the functionality of the code itself.”
Experts also noticed in the code the presence of a
“There were no restrictions on the PHP functions that could be used or the parameters that were provided as input. Instead, we see a simple if (function_exists
An attacker could exploit several WordPress functions, such as the “wp_insert_user” function, to create administrative user accounts and take control of sites using the vulnerable plugin.
Developers of the ThemeREX have addressed the vulnerability by removing the ~/plugin
“This flaw has been patched in all ThemeREX themes that were running vulnerable versions of this plugin and we recommend that users update to the latest version available immediately.” concludes the advisory.
Unfortunately, the number of attacks attempting to exploit vulnerabilities in WordPress plugins continues to increase. A couple of weeks
- Jan. 2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites.
- Jan. 2020 – Over 200K WordPress sites are exposed to attacks due to a high severity cross-site request forgery (CSRF) bug in Code Snippets plugin.
- Feb. 2020 – A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site.
- Feb. 2020 – A stored cross-site vulnerability in the GDPR Cookie Consent plugin that could potentially impact 700K users.
- Feb. 2020 – A zero-day vulnerability in the ThemeREX Addons was actively exploited by hackers in the wild to create user accounts with admin permissions.
I believe it is very important to protect WordPress install with dedicated solutions, I’m currently using WordFence solution, the company provided with a license to evaluate the premium features.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]
Share On
