Another WordPress plugin with over 1 million active installations has made it to the news due to security bugs. This time, it’s the Page Builder plugin for WordPress sites that has a couple of bugs allowing full site takeovers.
Page Builder WordPress Plugin Bugs
Wordfence has highlighted another vulnerable WordPress plugin that boasts more than 1 million active installations.
As revealed in their blog post, the popular WordPress plugin Page Builder by SiteOrigin had multiple security bugs. Exploiting these bugs could allow an adversary to gain complete control of the target website.
Briefly, the researchers found two CSRF to Reflected XSS vulnerabilities. They deemed both bugs high-severity flaws, each receiving a CVSS score of 8.8.
The first of these bugs existed in the plugin’s live editor feature, whereas the other affected the
action_builder_content function linked with AJAX action
As described by the researchers,
Both of these flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to trick a site administrator into executing an action, like clicking a link or an attachment, for the attack to succeed.
Ultimately, an attacker could create new admin accounts on the site, redirect the site admin, or inject a backdoor.
The following video demonstrates the PoC of the exploit.
Patches Available – Update Now!
After discovering the vulnerabilities, Wordfence swiftly reached out to the developers to report the flaws.
Consequently, the developers acknowledged the bugs the very next day and also released patches for both bugs.
Users can now update their websites to the latest Page Builder by SiteOrigin plugin, version 2.10.16, which contains the fixes. Since the PoC is out, users must update their sites quickly to stay protected.
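For anyone auditing many sites against the 2.10.16 fix, the check below is an added example (not code from Wordfence or SiteOrigin): it reads the Version field from a plugin's main PHP file header and flags anything older than the fixed release, or anything whose version cannot be read. The sample header is constructed and the function names are hypothetical.

```python
import re

FIXED_VERSION = "2.10.16"  # release containing the fixes, per the article

# Constructed sample header for illustration, not copied from the real plugin.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Page Builder by SiteOrigin
Version: 2.10.15
*/
"""


def parse_version(text):
    """Turn '2.10.16' into (2, 10, 16); a suffix such as '-beta' is dropped."""
    parts = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def header_version(php_source):
    """Return the 'Version:' value from a plugin header comment, or None."""
    # Only lines that start with comment decoration and then 'Version:' match,
    # so fields like 'Requires PHP version' are not picked up by mistake.
    match = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def needs_update(php_source, fixed=FIXED_VERSION):
    """True when the installed version is below `fixed` or is unreadable."""
    found = header_version(php_source)
    if found is None:
        return True  # fail closed: an unknown version is treated as unpatched
    installed, target = parse_version(found), parse_version(fixed)
    width = max(len(installed), len(target))
    pad = lambda v: v + (0,) * (width - len(v))
    # Numeric tuple comparison: as plain strings, "2.10.9" sorts after
    # "2.10.16" and an unpatched site would be reported as safe.
    return pad(installed) < pad(target)


if __name__ == "__main__":
    print("update required:", needs_update(SAMPLE_HEADER))
```
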
Recently, the researchers also highlighted bugs in two related WordPress plugins that posed a threat to over a million websites.