Critical 0-Day Vulnerability in Popular WordPress Plugin Affects Over 17,000 Sites

On June 2, 2021, it was revealed that the Fancy Product Designer plugin for WordPress, used on more than 17,000 websites, contains a dangerous file upload vulnerability. This flaw is currently being exploited by attackers to insert malware into affected sites. The threat intelligence team at Wordfence, which identified the vulnerability, reported the issue to the plugin’s developer on May 31. Despite acknowledgment of the problem, no fix has been implemented yet. Fancy Product Designer allows businesses to offer customizable products, enabling customers to upload images and PDFs for items like T-shirts and phone cases. Unfortunately, although the plugin had some security measures, they were inadequate and easily bypassed, allowing the upload of malicious PHP files to any site using the plugin.

Hackers Exploit Critical Vulnerability in WordPress Plugin Used by Thousands

June 2, 2021

In a troubling development for website security, the Fancy Product Designer plugin for WordPress, utilized by over 17,000 sites, has been found to harbor a significant file upload vulnerability. This flaw is currently being exploited by malicious actors to inject malware into websites employing the plugin, raising urgent concerns for site owners about the potential risks involved. The vulnerability was uncovered by Wordfence’s threat intelligence team, which notified the plugin’s developers on May 31, 2021. Despite acknowledging the issue, remediation efforts remain pending.

Fancy Product Designer serves as a versatile tool allowing businesses to offer customizable products, empowering customers to design a range of items—from T-shirts to phone cases—by uploading images and PDF files. However, the plugin’s security measures, although present, were inadequate. Attackers have demonstrated the ability to bypass these protections, facilitating the upload of executable PHP files to any affected site. This oversight underscores a critical lapse in the plugin’s security framework, leaving many sites vulnerable to compromise.

The targeted sites are predominantly based in the United States, where businesses rely heavily on WordPress for their e-commerce solutions. As the presence of vulnerabilities in widely-used plugins increases, the implications for cybersecurity become more severe, particularly for small and medium-sized enterprises that may not have extensive resources to address such threats.

From a cyberattack perspective, the tactics employed by adversaries align with several categories within the MITRE ATT&CK framework. Initial access might have been achieved through exploiting the identified vulnerability, allowing malicious actors to gain a foothold on affected systems. This could lead to further persistence within the environment, where they could establish ongoing access to the compromised sites. Moreover, given the ability to upload executable files, the threat actors may leverage techniques associated with privilege escalation to elevate their access, enabling more sophisticated attacks.

Organizations utilizing the Fancy Product Designer plugin should prioritize immediate action. This includes assessing the extent of risk by evaluating their current installations and considering the temporary disabling of the plugin until adequate security patches are implemented. Furthermore, regular monitoring for unusual activities on the site may help mitigate potential damage.

As the landscape of cybersecurity threats continues to evolve, business owners must remain vigilant and proactive. Awareness of vulnerabilities and their implications is crucial for maintaining a secure digital presence, particularly in an environment fraught with risks associated with exploited weaknesses in popular platforms. Keeping abreast of updates related to software used within business operations, and instilling a culture of cybersecurity awareness, will be fundamental in navigating these challenges effectively.

Source link

Related Posts

Researchers Warn of Severe Vulnerabilities in Realtek Wi-Fi Module

A recent disclosure has unveiled critical vulnerabilities in the Realtek RTL8170C Wi-Fi module, which could be exploited by attackers to gain elevated privileges and take control of wireless communications. According to experts from the Israeli IoT security firm Vdoo, “Successful exploitation would grant complete control over the Wi-Fi module and potentially root access to the OS (such as Linux or Android) of embedded devices utilizing this module.” The Realtek RTL8710C Wi-Fi SoC serves as the foundation for Ameba, an Arduino-compatible platform designed for diverse IoT applications across sectors including agriculture, automotive, energy, healthcare, industrial, security, and smart home technologies. These vulnerabilities impact all embedded and IoT devices that utilize this component for Wi-Fi connectivity and necessitate that an attacker be on the same Wi-Fi network as the targeted devices.

Yesterday’s Vulnerabilities Are Tomorrow’s Challenges

June 03, 2021

Major software vulnerabilities are an ongoing reality, as evidenced by Microsoft’s patching of between 55 and 110 vulnerabilities each month this year, with 7% to 17% classified as critical. May recorded the lowest number of vulnerabilities, totaling 55, with only four deemed critical. Alarmingly, many of these critical vulnerabilities are familiar foes, such as remote code execution and privilege escalation. Microsoft isn’t alone in this; companies like Apple, Adobe, Google, and Cisco also issue regular security updates to address significant vulnerabilities.

With major flaws affecting so many applications, can we envision a secure future? The answer is yes, but the road ahead will undoubtedly present challenges. Although these vulnerabilities may not be new to seasoned defenders, adversaries continuously adapt and exploit these weaknesses.

10 Major Vulnerabilities Identified in CODESYS Industrial Automation Software

Cybersecurity researchers revealed ten significant flaws in CODESYS automation software that could allow remote code execution on programmable logic controllers (PLCs). According to experts from Positive Technologies, an attacker requires only network access to exploit these vulnerabilities—no username or password is necessary. The root cause lies in inadequate input data verification, often due to non-adherence to secure development practices. The Russian cybersecurity firm identified these flaws in a PLC produced by WAGO, which, along with other automation companies like Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, utilizes CODESYS software for programming and configuring their controllers. CODESYS provides a development environment for programming controller applications.

Instagram Bug Exposed Private Accounts, Allowing Unfettered Access to Archived Content

June 15, 2021

Instagram has resolved a significant vulnerability that permitted anyone to access archived posts and stories from private accounts without needing to follow them. Security researcher Mayur Fartade revealed in a Medium post today that “this bug could have allowed a malicious user to view targeted media on Instagram.” By leveraging the Media ID, an attacker could see details of private posts, stories, reels, and IGTV videos without following the user. Fartade reported the issue to Facebook’s security team on April 16, 2021, and the flaw was patched on June 15, leading to a $30,000 reward for his efforts through the company’s bug bounty program. Although exploiting this vulnerability required knowledge of the media ID, Fartade demonstrated that by brute-forcing the identifiers, it was feasible to send a POST request to a GraphQL endpoint and access sensitive information. As a result of this flaw, details like likes, comments, and saves could have been exposed.