A critical vulnerability in the WordPress plugin known as ThemeREX
The plugin is currently installed on tens of thousands of websites, and according to the security firm Wordfence, the vulnerability has been actively exploited in the wild as a zero-day.
The plugin, which is installed on approximately 44,000 sites, is used to apply various “skins” that govern the look and feel of web destinations, including theme-enhancing features and widgets.
“On February 18th, we were alerted to a vulnerability present in ThemeREX
Experts discovered that the vulnerability resides in the ~/includes/plugin
When the API interacts with Gutenberg, the
“There were no capability checks on this endpoint that would block users that were not administrators or currently signed in, so any user had the ability to call the endpoint regardless of capability. In addition, there was no nonce check to verify the authenticity of the source,” continues the analysis. “Access control and cross-site request forgery (CSRF) protection aside, the core of the problem was within the functionality of the code itself.”
Experts also noticed in the code the presence of a
“There were no restrictions on the PHP functions that could be used or the parameters that were provided as input. Instead, we see a simple if (function_exists
An attacker could abuse several WordPress functions, such as the “wp_insert_user” function, to create administrative user accounts and take control of sites running the vulnerable plugin.
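The three weaknesses described above (no capability check, no nonce check, and an arbitrary PHP function name taken from the request and gated only by function_exists) map directly onto how a WordPress REST endpoint should be registered. The following is an added example written for this article; it is not ThemeREX's or Wordfence's code, and the namespace, route, action names and handler functions are hypothetical. It shows a hardened registration: permission_callback enforces a capability, the 'wp_rest' nonce is verified for cookie-authenticated callers, and the request can only select an action from a fixed allowlist rather than name a function.

```php
<?php
/**
 * Added example (not the plugin's own code): hardened REST endpoint
 * registration that closes the flaws described in the advisory.
 *   1. permission_callback enforces a capability (access control),
 *   2. cookie-authenticated requests must carry a valid 'wp_rest' nonce
 *      in the X-WP-Nonce header (core checks it before the callback runs;
 *      it is re-checked here explicitly for clarity),
 *   3. only an explicit allowlist of actions can be invoked; a caller can
 *      never supply a PHP function name.
 * Namespace, route and action names are hypothetical.
 */

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-addons/v1', '/action', array(
        'methods'             => 'POST',
        'callback'            => 'example_addons_run_action',
        // Closes the missing-capability-check flaw: anonymous and
        // low-privilege users are rejected before the callback runs.
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'manage_options' ) ) {
                return new WP_Error( 'rest_forbidden', 'Insufficient capability.', array( 'status' => 403 ) );
            }
            // CSRF protection for cookie-authenticated callers.
            $nonce = $request->get_header( 'X-WP-Nonce' );
            if ( ! $nonce || ! wp_verify_nonce( $nonce, 'wp_rest' ) ) {
                return new WP_Error( 'rest_cookie_invalid_nonce', 'Invalid nonce.', array( 'status' => 403 ) );
            }
            return true;
        },
        'args' => array(
            'action' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_key',
            ),
        ),
    ) );
} );

/**
 * Map of permitted action names to handlers. A request can only select a
 * key from this map, so a function_exists() check on request-controlled
 * input (the pattern criticised above) is never needed.
 */
function example_addons_allowed_actions() {
    return array(
        'clear_cache' => function () {
            wp_cache_flush();            // core function, takes no user input
            return array( 'cleared' => true );
        },
        'theme_name'  => function () {
            return array( 'theme' => wp_get_theme()->get( 'Name' ) );
        },
    );
}

function example_addons_run_action( WP_REST_Request $request ) {
    $actions = example_addons_allowed_actions();
    $name    = $request->get_param( 'action' );
    if ( ! isset( $actions[ $name ] ) ) {
        return new WP_Error( 'rest_invalid_param', 'Unknown action.', array( 'status' => 400 ) );
    }
    return rest_ensure_response( $actions[ $name ]() );
}
```

The design point is the allowlist: once the request can only pick a key from a map the developer wrote, functions such as wp_insert_user are unreachable through the endpoint no matter what the caller sends, and the capability and nonce checks become defence in depth rather than the only barrier.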
Developers of the ThemeREX have addressed the vulnerability by removing the ~/plugin
“This flaw has been patched in all ThemeREX themes that were running vulnerable versions of this plugin and we recommend that users update to the latest version available immediately,” concludes the advisory.
Unfortunately, the number of attacks attempting to exploit vulnerabilities in WordPress plugins continues to increase. A couple of weeks
I believe it is very important to protect WordPress installs with dedicated solutions; I’m currently using the WordFence solution, and the company provided me with a license to evaluate the premium features.