CSRF flaw in WordPress potentially allowed the hack of websites

Original Post from Security Affairs
Author: Pierluigi Paganini

Security researcher Simon Scannell from RIPS Technologies, has discovered a new CSRF vulnerability in WordPress, that could potentially lead to remote code execution attacks.

The flaw is a cross-site request forgery (CSRF) that resides in the comment section of WordPress that is enabled by default, the issue affects all WordPress versions prior to version 5.1.1.

An attacker can hack a website running a vulnerable version of WordPress that has comments enabled by tricking an administrator of a target site into visiting a website set up by the attacker.

“As soon as the victim administrator visits the malicious website, a cross-site request forgery (CSRF) exploit is run against the target WordPress blog in the background, without the victim noticing.” reads the analysis published by RIPS Technologies.

“The CSRF exploit abuses multiple logic flaws and sanitization errors that when combined lead to Remote Code Execution and a full site takeover.”

WordPress is used by over 33% of all websites online and considering that comments are a feature of blogs that is enabled by default, the vulnerability potentially affected millions of sites.

The exploitation of the flaw allows even an unauthenticated, remote attacker to compromise a website and remotely execute code on it.

Scannell demonstrated the attack that relies on multiple flaws, including:

  • WordPress doesn’t implement CSRF validation when a user posts a new comment. “This is because some WordPress features such as trackbacks and pingbacks would break if there was any validation. This means an attacker can create comments in the name of administrative users of a WordPress blog via CSRF attacks.
  • The above issue can become a security issue since administrators of a WordPress blog are allowed to use arbitrary HTML tags in comments, even 

Pierluigi Paganini

(SecurityAffairs – CSRF, hacking)

The post CSRF flaw in WordPress potentially allowed the hack of websites appeared first on Security Affairs.


Go to Source
Author: Pierluigi Paganini

Leave a Reply

Your email address will not be published. Required fields are marked *

WordPress Appliance - Powered by TurnKey Linux