Critical and high severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks, as discovered by Wordfence.
Responsive Menu is a WordPress plugin designed to help admins create W3C compliant and mobile-ready responsive site menus.
Flaws patched last month
In all, the Wordfence Threat Intelligence team discovered three vulnerabilities that could be exploited by attackers with basic user permissions to upload arbitrary files and remotely execute arbitrary code.
The first flaw allows authenticated attackers to upload arbitrary files, which ultimately lets them achieve remote code execution.
The other two vulnerabilities allow a potential threat actor to forge requests that modify the plugin's settings which, in turn, lets them upload arbitrary files, again leading to remote code execution.
To abuse the critical vulnerability, attackers logged in as subscribers or another low-level user need to upload menu themes archived as ZIP files and containing malicious PHP files.
After the archive is extracted for installation, the attacker can access the files via the site frontend to remotely execute the malicious code, which can ultimately lead to a full site takeover.
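As an added example that is not from the article or the plugin's own code, the following PHP sketch shows the three checks that close the bug class described above: a capability check so low-privilege users cannot upload themes, a nonce check so settings cannot be changed through forged requests, and inspection of the ZIP before extraction so archives carrying PHP files are refused. All function, action and field names are hypothetical.

```php
<?php
// Added defensive example, not Responsive Menu's code. All names are hypothetical.
// Rejects theme archives that carry server-side code or traversal paths.
function example_theme_zip_is_safe(string $zip_path, array &$errors): bool {
    $zip = new ZipArchive();
    if ($zip->open($zip_path) !== true) {
        $errors[] = 'not a readable ZIP archive';
        return false;
    }
    // Only these extensions are expected in a menu theme (assumed allow list).
    $allowed = ['css', 'json', 'png', 'jpg', 'svg', 'woff', 'woff2'];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if (str_ends_with($name, '/')) {
            continue; // directory entry
        }
        // Traversal or absolute paths could place files outside the theme directory.
        if (str_contains($name, '..') || str_starts_with($name, '/') || str_contains($name, '\\')) {
            $errors[] = "unsafe path: $name";
            return false;
        }
        // Check the last extension against the allow list, and the whole name for
        // executable extensions anywhere in it (e.g. "shell.php.png").
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (!in_array($ext, $allowed, true) || preg_match('/\.(php\d?|phtml|phar)(\.|$)/i', $name)) {
            $errors[] = "disallowed file: $name";
            return false;
        }
    }
    $zip->close();
    return true;
}

function example_handle_theme_upload(): void {
    // 1. Capability check: subscribers and other low-privilege roles are refused.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', 403);
    }
    // 2. CSRF check: the request must carry a nonce tied to this specific action.
    check_admin_referer('example_upload_theme', 'example_nonce');
    // 3. Content check before any file is extracted.
    $errors = [];
    if (empty($_FILES['theme']['tmp_name'])
        || !example_theme_zip_is_safe($_FILES['theme']['tmp_name'], $errors)) {
        wp_die('Rejected theme archive: ' . esc_html(implode('; ', $errors)), 400);
    }
    // Extraction into the theme directory would follow here.
}
```

Extracting only after the archive passes these checks is what keeps a theme upload from becoming a webshell drop; the allow list should match whatever file types the theme format actually needs.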
ExpressTech, the company behind Responsive Menu, patched the security issues on January 19, 2021, following multiple contact attempts between December 17 and January 4.
The report inquiries were eventually answered on January 10, after Wordfence escalated to the WordPress Plugins team.
Since the security issues affect Responsive Menu versions 4.0.0 up to 4.0.3 (or running in legacy mode), users are advised to immediately update to version 4.0.4, which addresses the bugs, to prevent exploitation attempts.
“All three vulnerabilities could lead to a site takeover, which could have consequences including backdoors, spam injections, malicious redirects, and other malicious actions,” Wordfence added.
Roughly 50,000 sites still exposed to attacks
Even though Responsive Menu 4.0.4, the patched version, was released on January 19, just over 50,000 new downloads had been recorded as of yesterday, based on the stats available on the WordPress plugin's repository.
Since these numbers include both updates and new installs, nearly 50,000 WordPress sites using Responsive Menu can still be hijacked by attackers.
Earlier this week, Wordfence also reported two critical and high severity CSRF vulnerabilities in the NextGen Gallery plugin that let hackers inject backdoors, create rogue admins, and potentially take over 530,000 WordPress sites still running unpatched plugin versions.
WordPress site admins should install plugin security updates as soon as possible after developers release them, since threat actors frequently exploit already-fixed vulnerabilities in outdated WordPress plugins in their attacks.