Experts at security firm WebArx have ethically disclosed vulnerabilities in WP Time Capsule and InfiniteWP plugins, both were patched earlier this month by the developer
The flaws in WP Time Capsule and InfiniteWP WordPress plugins could be exploited to take over websites running the popular CMS that are more than 320,000.
The plugins are affected by logical issues that could allow attackers to log in as administrators without providing any password.
Security systems like firewalls might fail to detect the attempt of exploitation for these issues because authentication bypass vulnerabilities are often logical mistakes in the code and don’t actually involve a suspicious-looking payload.
The attacker could trigger the issue by sending a POST request with the payload written first in JSON and then encoded in Base64. The request will bypass the password requirement and log in with only the username of an existing account. All the attackers need to know is the username of an administrator
“The issue resides in the function iwp_mmb_set_request which is located in the init.php file. This function checks if the request_params variable of the class IWP_MMB_Core is not empty, which is only populated when the payload meets certain conditions.” continues the analysis.
“In this case, the condition is that the iwp_action parameter of the payload must equal readd_site or add_site as they are the only actions that do not have an authorization check in place. The missing authorization check is the reason why this issue exists.”
InfiniteWP Client versions before 220.127.116.11 are affected by the vulnerability.
WP Time Capsule is a backup tool with around 20,000 installs, to bypass the authentication the attackers need to send a POST request containing in the body a certain string.
Below the timeline for both vulnerabilities:
Don’t waste time, update your plugin installs as soon as possible!
(SecurityAffairs – WordPress Plugin, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.