Serious holes for three WordPress plugins: 400 thousand sites at risk


In recent days, serious vulnerabilities have been disclosed in three WordPress plugins, InfiniteWP Client, WP Time Capsule and WP Database Reset, which together are installed on over 400 thousand websites. We recommend that everyone who manages WordPress sites using these plugins update immediately to the most recent version of each, which fixes the flaws.

The highest-impact vulnerability concerns Infinite WP Client, a plugin that allows multiple websites to be managed from a single server. The flaw allows anyone to log in to an account with administrator privileges without any credentials, and consequently to perform any kind of action: from deleting content, to adding new users, to conducting any other type of attack or harmful activity.

To exploit the vulnerability, it is sufficient to know the username of a valid account and to include a suitably constructed payload in a POST request sent to the vulnerable site. Anyone using Infinite WP Client version 1.9.4.4 or earlier should immediately update to version 1.9.4.5. Infinite WP Client is installed on over 300 thousand websites. Wordfence has a detailed analysis of the problem.

A similar problem affects the plugin WP Time Capsule, which aims to make managing backups of the site on which it is installed easier. Here too it is possible to bypass authentication, allowing an attacker to log in as an administrator: by including an appropriate string in a POST request, the attacker can obtain a list of administrator accounts and automatically log in with the first one in the list. The bug has been fixed in version 1.21.16, and here too we urge WordPress site administrators who use the plugin to update immediately. WP Time Capsule is installed on over 200 thousand websites. WebARX details the vulnerability.


As for the plugin WP Database Reset, there are two vulnerabilities. The first allows anyone, even without authentication, to reset any database table to its original state: the problem arises from the fact that the reset function is not protected by the standard capability checks or a security nonce. Anyone who exploited it could cause a complete loss of data or reset the site to the default WordPress settings. The second flaw can instead lead to so-called "privilege escalation": it allows any authenticated user, even one with minimal rights, to obtain administrative privileges and to remove other users. In this case we recommend updating to version 3.15, which addresses both vulnerabilities. WP Database Reset is installed on 80 thousand sites. Here too the analysis is by Wordfence.
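As an added illustration (not code from WP Database Reset or from any of the other plugins named here), the following shows the two forms of such a handler side by side: the weak pattern the article describes, a destructive action reachable without a capability check or nonce, and a hardened version that requires the manage_options capability, verifies a nonce tied to the form it rendered, and only touches an allow-listed table. The hook names, action names, parameter names, the table list and the use of TRUNCATE are assumptions made for this example.

```php
<?php
// Added example, not code from any of the plugins discussed above.
// Hook names, action names, parameters and table choices are assumptions.

// ---------------------------------------------------------------------------
// WEAK FORM: the pattern the article describes.
// admin_init runs on every admin-side request, including requests from users
// who are not logged in, and nothing below checks who is asking or whether the
// request came from a form we rendered. Any request carrying ?example_reset=1
// empties the table.
// ---------------------------------------------------------------------------
add_action('admin_init', 'example_weak_reset_handler');
function example_weak_reset_handler() {
    if (!isset($_GET['example_reset'])) {
        return;
    }
    global $wpdb;
    // No current_user_can(), no nonce verification, no allow-list.
    $wpdb->query("TRUNCATE TABLE `{$wpdb->posts}`");
}

// ---------------------------------------------------------------------------
// HARDENED FORM: capability check + nonce + allow-list, and the handler is
// registered on admin_post_{action}, which WordPress only dispatches for
// logged-in users (logged-out requests would need admin_post_nopriv_*).
// ---------------------------------------------------------------------------
add_action('admin_post_example_reset', 'example_hardened_reset_handler');
function example_hardened_reset_handler() {
    global $wpdb;

    // 1. Capability check: stops the "privilege escalation" class of bug too.
    //    A subscriber-level account is authenticated but lacks manage_options.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('Insufficient permissions.'), 403);
    }

    // 2. Nonce check: the request must carry the token WordPress embedded in
    //    our form for this user, so a forged POST from elsewhere is rejected.
    check_admin_referer('example_reset_action', 'example_reset_nonce');

    // 3. Allow-list: map short keys to real table names instead of trusting
    //    a caller-supplied table name.
    $allowed = array(
        'posts'    => $wpdb->posts,
        'postmeta' => $wpdb->postmeta,
    );
    $key = isset($_POST['table']) ? sanitize_key(wp_unslash($_POST['table'])) : '';
    if (!isset($allowed[$key])) {
        wp_die(esc_html__('Unknown table.'), 400);
    }

    // Destructive action only after all three gates have passed.
    $wpdb->query("TRUNCATE TABLE `{$allowed[$key]}`");

    wp_safe_redirect(admin_url('tools.php?page=example-reset&done=1'));
    exit;
}

// The form that produces a valid request for the hardened handler. The nonce
// field is what check_admin_referer() above verifies.
function example_render_reset_form() {
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="example_reset">
        <?php wp_nonce_field('example_reset_action', 'example_reset_nonce'); ?>
        <select name="table">
            <option value="posts">posts</option>
            <option value="postmeta">postmeta</option>
        </select>
        <?php submit_button(esc_html__('Reset table')); ?>
    </form>
    <?php
}
```

The two checks address the two flaws separately: the nonce stops unauthenticated or cross-site requests from reaching the reset, and the capability check stops a low-privilege but authenticated user from using an administrative function. Neither alone is sufficient, which is why plugin review guidance treats `current_user_can()` and `check_admin_referer()` as a pair for every state-changing action.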
