Wordfence security researchers detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute those files on the server.
MW WP Form Plugin
The MW WP Form plugin helps simplify the creation of forms on WordPress websites using a shortcode builder.
It makes it easy for users to create and customize forms with multiple fields and options.
The plugin has many features, including one that allows you to upload files using the [mwform_file name="file"] shortcode for data collection. This specific feature is exploitable in this vulnerability.
Unauthenticated Arbitrary File Upload Vulnerability
An unauthenticated arbitrary file upload vulnerability is a security issue that allows hackers to upload potentially harmful files to a website. Unauthenticated means that the attacker does not need to be registered on the website or hold any permission level, not even that of an ordinary user.
These types of vulnerabilities can lead to remote code execution, where uploaded files are executed on the server, potentially allowing attackers to exploit the website and site visitors.
Wordfence’s warning noted that the plugin has a check for unexpected file types, but it doesn’t work as it should.
According to security researchers:
“Unfortunately, while the file type check function works perfectly and returns false for dangerous file types, it throws a runtime exception in the try block if an unallowed file type is loaded, which will be caught and managed by the catch block.
… even if the dangerous file type is checked and detected, it is only logged, while the function continues to run and the file is loaded.
This means that attackers could load arbitrary PHP files and then access those files to trigger their execution on the server, achieving remote code execution.”
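The fail-open pattern the researchers describe, next to a fail-closed version, as an added illustration that is not the plugin's own code. The function names and the extension allowlist are hypothetical, the sample file is constructed, and copy() stands in for move_uploaded_file() so the script runs from the command line.

```php
<?php
// Added illustration; hypothetical names, not taken from MW WP Form.
const ALLOWED_EXTENSIONS = ['jpg', 'png', 'pdf']; // assumed allowlist

function is_allowed_type(string $name): bool {
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true);
}

// Flawed pattern: the check is correct, but its failure is only logged.
function save_upload_fail_open(string $tmp, string $name, string $dir): bool {
    try {
        if (!is_allowed_type($name)) {
            throw new RuntimeException('Disallowed file type: ' . basename($name));
        }
    } catch (RuntimeException $e) {
        error_log($e->getMessage()); // logged, then execution falls through
    }
    return copy($tmp, $dir . '/' . basename($name)); // reached for every file
}

// Corrected pattern: a failed check ends the function before anything is stored.
function save_upload_fail_closed(string $tmp, string $name, string $dir): bool {
    if (!is_allowed_type($name)) {
        error_log('Rejected upload: ' . basename($name));
        return false;
    }
    // Server-generated name: the client never chooses the name on disk.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return copy($tmp, $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext);
}

// Constructed demo input: an inert text file offered under two client names.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "inert sample content\n");

var_dump(save_upload_fail_open($tmp, 'sample.php', $dir));   // stored despite the failed check
var_dump(save_upload_fail_closed($tmp, 'sample.php', $dir)); // rejected
var_dump(save_upload_fail_closed($tmp, 'photo.jpg', $dir));  // stored under a random name
print_r(array_values(array_diff(scandir($dir), ['.', '..'])));

// Remove the demo files.
array_map('unlink', glob($dir . '/*'));
rmdir($dir);
unlink($tmp);
```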
There are conditions for a successful attack
Exploitation depends on one requirement: the “Save query data to database” option must be enabled in the form settings.
The security advisory notes that the vulnerability is rated critical with a score of 9.8 out of 10.
Actions to take
Wordfence advises MW WP Form plugin users to update their plugin versions.
The vulnerability is fixed in the latest version of the plugin, version 5.0.2.
The severity of the threat is particularly critical for users who have enabled the “Save query data to database” option in the form settings and this is compounded by the fact that no permission levels are required to execute this attack.
Read the Wordfence notice: