Vulnerabilities in Fastest Cache, a popular WordPress plugin, could allow an attacker to gain access to credentials and take over an admin account.
The security flaws in the extension, which has more than one million active downloads, were discovered during an internal audit of the software by Jetpack Security.
The first flaw, an SQL injection vulnerability with a CVSS score of 7.7, could grant attackers access to privileged information from an affected site’s database, such as usernames and hashed passwords.
This SQL injection bug can only be exploited if the classic-editor plugin is also installed and activated on the site.
Researchers also found a cross-site scripting (XSS) bug, exploitable via a cross-site request forgery (CSRF) flaw, that has a CVSS score of 9.6. Exploiting this vulnerability would allow an attacker to perform any action that the victim, potentially an admin user, has the privileges to carry out.
The same research team also discovered that they had the ability to store “rogue JavaScript” on the affected target.
Disclosure
In a blog post, the researchers from Jetpack provided more technical detail on how they were able to demonstrate the attacks. They credited researcher Marc Montpas with the original finding.
A timeline also showed that it took less than five weeks from initial contact with the vendor for them to fix the issue.
Fastest Cache users are urged to update to the latest version, 0.9.5, to protect against these vulnerabilities.
“We recommend that you check which version of the WP Fastest Cache plugin your site is using, and if it is less than 0.9.5, update it as soon as possible!” the blog reads.
Source: https://portswigger.net/daily-swig/injection-vulnerabilities-in-popular-wordpress-plugin-could-expose-credentials-allow-admin-access