WORDPRESS

All In One SEO Vulnerability Affects +3 Million Sites


Security researchers at Jetpack disclosed two serious vulnerabilities in the All In One SEO WordPress plugin. Chained together, they could let an attacker holding even a low-privileged account read usernames and password hashes from the site's database, and could potentially be leveraged further for remote code execution.

The second vulnerability depends on the first to be exploitable. The first is an authenticated privilege escalation: it allows a user with a low level of website access (such as a subscriber) to reach functionality reserved for a role with far more access (such as a website administrator).

The security researchers at Jetpack describe the vulnerability as severe and warn of the following consequences:

“If exploited, the SQL Injection vulnerability could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).”

Authenticated Privilege Escalation

The first issue is an authenticated privilege escalation in the plugin's use of the WordPress REST API. On its own it lets a low-privileged user call plugin endpoints that are meant for administrators; combined with the SQL injection described below, it exposes usernames and password hashes.

The REST API is the mechanism through which plugins expose functionality to the WordPress installation as endpoints (URLs representing posts, settings and so on). Every registered endpoint is expected to declare who is allowed to call it, which is what keeps the API from compromising site security.

This vulnerability sits in the endpoints the plugin itself registers with the REST API. Plugin-registered REST endpoints are increasingly a weak point in WordPress security.

That is not a weakness in WordPress core: the REST API is designed so that each route carries its own permission check.

The fault, if fingers must be pointed, lies with plugins that implement those permission checks incorrectly.


In the All In One SEO plugin the problem was in the routine that verifies whether the user calling an API endpoint holds the capability that endpoint requires.

According to Jetpack:

“The privilege checks applied by All In One SEO to secure REST API endpoints contained a very subtle bug that could’ve granted users with low-privileged accounts (like subscribers) access to every single endpoint the plugin registers.

…Since it didn’t account for the fact that WordPress treats REST API routes as case-insensitive strings, changing a single character to uppercase would completely bypass the privilege checks routine.”

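The bug class Jetpack describes is easy to reproduce in miniature. The following PHP is an added illustration written for this page, not All In One SEO's source: it models the WordPress dispatcher's case-insensitive route matching (WP_REST_Server compiles each route into a regex with the `i` modifier) next to a privilege check that looks the route up case-sensitively and falls open when the lookup misses. The endpoint names, capability table and handler names are made up for the demonstration.

```php
<?php
// Added example (not the plugin's code): a case-sensitive route lookup
// in front of a case-insensitive dispatcher. Endpoint names are invented.

// Stand-in for WP_REST_Server route matching. WordPress compiles each
// registered route into a regex with the 'i' modifier, so a request for
// "/aioseo/v1/Htaccess" reaches the same handler as "/aioseo/v1/htaccess".
function dispatch(array $routes, string $path): ?string
{
    foreach ($routes as $route => $handler) {
        if (preg_match('@^' . $route . '$@i', $path)) {
            return $handler;
        }
    }
    return null;
}

// Required capability per route, keyed by the exact registered string.
const ROUTE_CAPS = [
    '/aioseo/v1/htaccess' => 'manage_options',
    '/aioseo/v1/settings' => 'manage_options',
];

// Vulnerable reconstruction of the bug class: exact-case lookup, and a route
// that is not found in the table is treated as having nothing to enforce.
function vulnerable_permission_check(string $path, array $user_caps): bool
{
    if (isset(ROUTE_CAPS[$path])) {
        return in_array(ROUTE_CAPS[$path], $user_caps, true);
    }
    return true; // fail-open: the uppercase variant lands here
}

// Fixed: normalise the route the same way the dispatcher effectively does,
// and deny anything that is not explicitly listed (fail-closed).
function fixed_permission_check(string $path, array $user_caps): bool
{
    $key = strtolower($path);
    if (!isset(ROUTE_CAPS[$key])) {
        return false;
    }
    return in_array(ROUTE_CAPS[$key], $user_caps, true);
}

$routes = [
    '/aioseo/v1/htaccess' => 'htaccess_handler',
    '/aioseo/v1/settings' => 'settings_handler',
];
$subscriber_caps = ['read']; // a subscriber does not hold manage_options

foreach (['/aioseo/v1/htaccess', '/aioseo/v1/Htaccess'] as $path) {
    printf("%-22s -> %-16s vulnerable check: %-5s fixed check: %s\n",
        $path,
        dispatch($routes, $path),
        var_export(vulnerable_permission_check($path, $subscriber_caps), true),
        var_export(fixed_permission_check($path, $subscriber_caps), true));
}
// The lowercase path is denied by both checks; the single-character
// uppercase variant is still dispatched to htaccess_handler but passes
// the vulnerable check, which is exactly the bypass Jetpack describes.
```

Lowercasing the lookup key closes this particular hole, but the more robust design in WordPress is to attach the capability test to each route's `permission_callback` when calling `register_rest_route()` (for example `current_user_can('manage_options')`) rather than re-deriving the required capability from the request's route string in a central routine.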

Authenticated SQL Injection

The second issue is an authenticated SQL injection. It requires the attacker to hold credentials for some account on the site, even one as low as a subscriber.

A SQL injection occurs when attacker-controlled input is placed into a database query without escaping or parameterization, so that characters in the input change the meaning of the query. A lookup of a single record can then be turned into, for example, a dump of every row in the table.

The non-profit Open Web Application Security Project (OWASP) site defines a SQL Injection like this:

  1. “Unintended data enters a program from an untrusted source.
  2. The data is used to dynamically construct a SQL query”

Jetpack notes that the privilege escalation is what lets a low-privileged attacker reach the vulnerable endpoint and mount the SQL injection:

“While this endpoint wasn’t meant to be accessible to users with low-privileged accounts, the aforementioned privilege escalation attack vector made it possible for them to abuse this vulnerability.”
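The report does not reproduce the vulnerable endpoint, so the following is an added example of the bug class rather than the plugin's code. It builds an in-memory SQLite table through PDO so it runs stand-alone, then runs the same lookup two ways: with the endpoint parameter concatenated into the query, and with it bound as a prepared-statement parameter (the equivalent of `$wpdb->prepare()` in WordPress). The table, rows and the `login` parameter are constructed for the demonstration.

```php
<?php
// Added example (not the plugin's code): authenticated SQL injection in a
// lookup endpoint, vulnerable and hardened. Data below is constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)');
$db->exec("INSERT INTO wp_users VALUES (1, 'admin', 'hash-placeholder-admin'),
                                       (2, 'subscriber', 'hash-placeholder-subscriber')");

// Vulnerable: the untrusted 'login' parameter from the request is spliced
// straight into the SQL string, so quotes in it rewrite the WHERE clause.
function lookup_vulnerable(PDO $db, string $login): array
{
    $sql = "SELECT ID, user_login, user_pass FROM wp_users WHERE user_login = '" . $login . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the value is bound as a parameter and can never be parsed as SQL.
// In a WordPress plugin the same idea is $wpdb->prepare('... = %s', $login).
function lookup_fixed(PDO $db, string $login): array
{
    $stmt = $db->prepare('SELECT ID, user_login, user_pass FROM wp_users WHERE user_login = ?');
    $stmt->execute([$login]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// What a subscriber could send once the privilege check above is bypassed.
$payload = "x' OR '1'='1";

$leaked = lookup_vulnerable($db, $payload);
printf("vulnerable query returned %d rows\n", count($leaked)); // 2: every login and hash
foreach ($leaked as $row) {
    printf("  %s => %s\n", $row['user_login'], $row['user_pass']);
}
printf("prepared statement returned %d rows\n", count(lookup_fixed($db, $payload))); // 0
```

The vulnerable query becomes `WHERE user_login = 'x' OR '1'='1'`, which is true for every row, so the endpoint hands back all usernames and password hashes, the exact outcome Jetpack warns about. The prepared statement searches for the literal string `x' OR '1'='1` and finds nothing.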

Updating SEO Plugin Recommended

These vulnerabilities affect versions 4.0.0 through 4.1.5.2 and are fixed in 4.1.5.3, the latest version at the time of writing. The security researchers at Jetpack recommend updating to the latest version.


Citations

Read the Jetpack vulnerability report:

Severe Vulnerabilities Fixed in All In One SEO Plugin Version 4.1.5.3

Read What a SQL Injection Is

SQL Injection

Searchenginejournal.com

WORDPRESS

Customize Your Entire Site With New Block Themes – WordPress.com News


Experiment with a new look for your site with themes created to take advantage of Full Site Editing.

In case you missed it, we’ve been rolling out a new set of powerful site design tools called Full Site Editing (or “FSE”) and it’s now available for all WordPress.com users!

Don’t worry if you’re just hearing about Full Site Editing for the first time. We’ve been releasing these new tools in a way that doesn’t actually require you to do anything with your existing site(s). If you are up for a change though, we’re happy to announce the launch of a brand new family of themes made specifically with Full Site Editing features in mind. As of this writing we have over two dozen themes available that support Full Site Editing.

These new themes have been designed with a wide variety of site use cases in mind. But their potential stretches well beyond their screenshots and demo sites. Because each theme is fully editable in the Site Editor, every one of these themes can be heavily customized to fit your site’s needs. You can start with a theme that features a single minimalist homepage, and then add as many menus and sidebars as you wish. Or, you can start with a complex business theme and strip it down to something minimal to suit your vision.

The Site Editor also includes a new feature called “Global Styles,” which allows you to edit site-wide settings for color, typography, and more. You’re free to change your theme’s default color scheme to whatever fits your mood, or even make all site text larger or smaller in a couple of clicks. To kick off this new feature, we’re also providing a few pre-built variations on some of these new themes.

All the new themes and variations can be found in the Theme Showcase. Or, if you’re starting a fresh site, they’ll be offered to you automatically in the site creation flow. This collection of themes is just the beginning, and we’re excited to continue launching a variety of diverse theme options for you. What would you like to see in the next set of themes on WordPress.com?
