Critical Security Vulnerability Existed in wpDiscuz WordPress Plugin

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

Once again, a critical security flaw in a WordPress plugin posed a threat to thousands of websites. This time, the researchers discovered the vulnerability in the wpDiscuz WordPress plugin.

wpDiscuz WordPress Plugin Vulnerability

Researchers from Wordfence have come up with one more report about a vulnerable plugin. As described in their recent blog post, they caught a critical vulnerability in the wpDiscuz WordPress plugin. Exploiting this bug could let an attacker achieve various dangerous privileges on the target server, including remote code execution and arbitrary file upload.

The vulnerability existed because it was possible to bypass file verification. While the plugin allowed uploading image files as attachment, due to the flaw, an adversary could exploit this functionality to upload any file types, including PHP files.

Describing this issue, the blog stated,

The issue was escalated with the ‘isAllowedFileType’ function that did a check to see if the file was an allowed file type as it used the mime from the ‘getMimeType’ function. Due to the fact that the ‘getMimeType’ function used functions to obtain a file’s mime type based on file content, any file type could easily be spoofed to look like an allowed file type and pass this check.

To do so, the attacker would simply need to include an image with the request. Thus, the plugin won’t detect the file type and would respond with the file-path location. This would then allow the attacker to access files in that location of the server.

Consequently, this would not only allow the attacker to upload arbitrary files to the target server, but also to access other files and execute commands. Also, an attacker could exploit the target hosting account to inject malicious codes to other sites hosted in it. Eventually, all sites on that particular server would become prey to the attack.

Developers Patched The Flaw

The researchers caught this critical severity bug that achieved a CVSS score of 10.0, in June 2020. After that, they reached out to the developers of Comments – wpDiscuz plugin that boasts over 80,000 active installations.

Specifically, the vulnerability affected the plugin versions 7.0.0 to 7.0.4. Following the bug report, the developers patched the flaw with the release of version 7.0.5.

Due to the critical nature of the bug, Wordfence did not share a PoC of the exploit. Though, since the patch is now available, they will share the PoC in their live video stream on August 4, 2020.

Until that time, all Comments-wpDiscuz plugin users must ensure updating their sites with the latest version to stay protected.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!