Attackers could exploit a critical vulnerability in the WP Product Review Lite WordPress plugin to inject malicious code and potentially take over vulnerable websites.
The WP Product Review Lite plugin allows site owners to quickly create custom review articles using pre-defined templates, it is currently installed on over 40,000 WordPress sites.
The vulnerability was discovered by researchers at Sucuri Labs, it is a persistent XSS that could be exploited by remote, unauthenticated attackers.
“During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users of the WP Product Review plugin.” reads the analysis published by Sucuri.
“All user input data is sanitized but the WordPress function used can be bypassed when the parameter is set inside an HTML attribute. A successful attack results in malicious scripts being injected in all the site’s products.”
Attackers can bypass the WordPress user input data sanitization function to exploit the Stored Cross-Site Scripting (Stored XSS) issue. Upon triggering the flaw, the attackers could inject malicious scripts in all the products stored in the database of the targeted website.
An attacker could trick a site admin into accessing the compromised products, then they could redirect them to a rogue site, or steal the session cookies to authenticate on behalf of the administrator.
Once the attacker has authenticated as an admin, it could add a new admin account to take over the site.
Researchers at the Sucuri Labs revealed that they are not aware of any attacks in the wild exploiting the flaw.
Experts recommend site administrators to update their plugin to version 3.7.6 as soon as possible because unauthenticated attacks could be automated by attackers.
“Unauthenticated attacks are very serious because they can be automated, making it easy for hackers to mount successful, widespread attacks against vulnerable websites,” Sucuri Labs conclude.
“The number of active installs, the ease of exploitation, and the effects of a successful attack are what makes this vulnerability particularly dangerous.”
The vulnerability was reported to the plugin developers on May 13, and it was fixed in only 24 hours, on May 14, 2020.
At the time of writing, more than 7,000 users have already fixed their WP Product Review Lite plugin, this means that more than 32,000 sites have yet to do it.
(SecurityAffairs – WP Product Review Lite, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.