A security flaw in a popular WordPress plugin called WordPress Download Manager has now been fixed. The flaw allowed attackers to upload and run malicious files on websites running the plugin.
According to the security researchers at Wordfence, the plugin has been installed on more than 100,000 WordPress websites and was found vulnerable to two severe flaws. The first was a file upload vulnerability that would have let threat actors remotely execute malicious code; the second was a double extension attack, in which a file with multiple extensions could be used to trigger code execution.
As explained by Wordfence, "a user with author-level permissions could also upload a file with an image extension containing malicious JavaScript and set the contents of file[page_template] to the path of the uploaded file."
This would have allowed the attacker to take control of the site, either by obtaining credentials or by remotely executing code in the administrator's browser session.
The second vulnerability allowed authors and other users to perform a double extension attack. For instance, "it was possible to upload a file titled info.php.png. This file would be executable on certain Apache/mod_php configurations that use an AddHandler or AddType directive."
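An added example, not from the Wordfence write-up or the plugin, that emulates how Apache's mod_mime sees the multi-extension name quoted above and shows why an end-anchored FilesMatch rule, plus a single-extension allow-list in the upload handler, stops it. The set of PHP-handled extensions and the image allow-list are assumptions.

```python
import re

# Assumption: the server maps these extensions to PHP via AddHandler/AddType.
HANDLED_EXTENSIONS = {"php", "phtml", "php5"}

# Assumption: what the upload form is meant to accept.
IMAGE_ALLOWLIST = {"png", "jpg", "jpeg", "gif"}


def mod_mime_extensions(filename):
    """mod_mime treats every dot-separated segment after the first as an
    extension, so "info.php.png" yields ["php", "png"]."""
    base = filename.rsplit("/", 1)[-1]
    return [p.lower() for p in base.split(".")[1:] if p]


def executed_under_addhandler(filename, handled=HANDLED_EXTENSIONS):
    """An AddHandler/AddType directive matches if ANY extension segment is in
    the handled set; the handler wins over the image media type."""
    return any(ext in handled for ext in mod_mime_extensions(filename))


# Hardened Apache form:  <FilesMatch "\.php$"> SetHandler application/x-httpd-php </FilesMatch>
# The anchor ($) means only names that END in .php are run as PHP.
FILESMATCH_PHP = re.compile(r"\.php$")


def executed_under_filesmatch(filename, pattern=FILESMATCH_PHP):
    """Emulates the end-anchored FilesMatch rule above."""
    return pattern.search(filename.rsplit("/", 1)[-1]) is not None


def safe_upload_name(filename, allowed=IMAGE_ALLOWLIST):
    """Upload-side check: exactly one extension, and it must be allow-listed.
    This rejects double extensions regardless of the web server's config."""
    exts = mod_mime_extensions(filename)
    return len(exts) == 1 and exts[0] in allowed


if __name__ == "__main__":
    for name in ("info.php.png", "photo.png", "shell.php"):
        print(name, executed_under_addhandler(name),
              executed_under_filesmatch(name), safe_upload_name(name))
```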
Both of the vulnerabilities have been fixed by the plugin's developer.