WordPress needs updating: two vulnerabilities discovered by a Pole

Dawid Gołuński, a security specialist, discovered two vulnerabilities in the WordPress content management platform. One of them has been assigned the identifier CVE-2016-10033 and its proof of concept has been published in this video. This vulnerability allowed an attacker to execute code remotely on a web server by exploiting a flaw in the bundled PHPMailer library. The second, no less dangerous (but harder to exploit), was designated CVE-2017-8295 and made it possible to obtain a password reset link for any account, including the administrator account.

The first vulnerability, as already mentioned, allowed remote code execution (RCE) and was located in PHPMailer, a library integrated into the WordPress core for sending e-mail via SMTP from PHP (e.g. notifications to the administrator about a new comment, a newly added article or a newly registered account, mailings sent directly from the server, etc.).

WordPress versions 4.6 to 4.7.0 may be vulnerable. Although the discoverer prepared an exploit for version 4.6, as he points out to AVLab, similar attack vectors may exist for popular plugins. The fix for this vulnerability appeared only in version 4.7.1, so we recommend updating urgently.

The second vulnerability, CVE-2017-8295, affected the system's password reset function and allowed passwords to be reset without authorization. In some cases this may mean that an attacker will be able to obtain the credentials required to log in. Such an attack may lead to unauthorized access to an account with high privileges.

WordPress build 4.7.4 brings patches for this issue.

In the latter case, implementing login via two-factor authentication, e.g. using YubiKey hardware keys, mitigates the vulnerability.
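A quick triage check a site owner can run against the version thresholds the article gives, as an added example (not code from the article, from Dawid Gołuński or from WordPress). It assumes a copy of wp-includes/version.php is at hand (a sample is constructed inline) and, because the article states no lower bound for CVE-2017-8295, treats every release before 4.7.4 as unpatched for it:

```python
import re

# Thresholds as stated in the article: the PHPMailer RCE (CVE-2016-10033)
# affects WordPress 4.6 to 4.7.0 and is fixed in 4.7.1; the password-reset
# issue (CVE-2017-8295) is patched in 4.7.4. Assumption: every release before
# 4.7.4 is treated as unpatched for CVE-2017-8295 (the article gives no lower bound).
ADVISORIES = {
    "CVE-2016-10033": {"affected_from": (4, 6, 0), "fixed_in": (4, 7, 1)},
    "CVE-2017-8295": {"affected_from": (0, 0, 0), "fixed_in": (4, 7, 4)},
}

# Constructed sample of wp-includes/version.php (not taken from a real site).
SAMPLE_VERSION_PHP = """<?php
/**
 * The WordPress version string
 */
$wp_version = '4.6.1';
"""


def parse_version(php_source):
    """Extract the $wp_version string from the contents of wp-includes/version.php."""
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", php_source)
    if not m:
        raise ValueError("no $wp_version assignment found")
    return m.group(1)


def version_tuple(version):
    """Normalise to three integers so '4.7' equals '4.7.0'; a '-beta1' suffix is ignored."""
    nums = [int(p) for p in re.findall(r"\d+", version)][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def applicable_advisories(version):
    """Return the CVE ids from ADVISORIES that the given WordPress version still carries."""
    v = version_tuple(version)
    return [cve for cve, rng in ADVISORIES.items()
            if rng["affected_from"] <= v < rng["fixed_in"]]


if __name__ == "__main__":
    found = parse_version(SAMPLE_VERSION_PHP)
    print(found, applicable_advisories(found))  # 4.6.1 ['CVE-2016-10033', 'CVE-2017-8295']
```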




We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.