Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins

by | Mar 13, 2024 | Digital Marketing, Research, Vulnerabilities, WordPress Security

The article highlights a privilege escalation vulnerability in miniOrange’s Malware Scanner and Web Application Firewall WordPress plugins, which have 10,000+ and 300+ active installations respectively. The vulnerability allows unauthenticated attackers to grant themselves administrative privileges by updating the user password.

The Wordfence Threat Intelligence team identified and reported this critical vulnerability during their Bug Bounty Extravaganza, offering increased bounty rates for submissions up to $10,000. Stiofan, the researcher who discovered the vulnerability, received a bounty of $1,250.00 for their contribution.

Due to the severity of the vulnerability, Wordfence provided firewall rules for Wordfence Premium, Care, and Response users to protect against exploits targeting this vulnerability. The plugins have been permanently closed by the developer, with no patches available.

The technical analysis of the vulnerability revealed a missing capability check in the mo_wpns_init() function, leading to privilege escalation. The plugins’ improper use of the wp_authenticate_username_password() function enabled unauthenticated users to update any user’s password, potentially compromising the entire site.
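
The controls whose absence is described above, shown in a hardened password-change handler. This is an added example, not code from the miniOrange plugins or the Wordfence article; the example_* function, the action name and the form field names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical plugin code. All example_* names, the action
// name and the POST field names are made up for illustration.

// admin-post.php dispatches this hook only for logged-in users. No
// admin_post_nopriv_* counterpart is registered, so anonymous requests
// never reach the handler (unlike logic that runs for every request on init).
add_action( 'admin_post_example_change_password', 'example_change_password_handler' );

function example_change_password_handler() {
    // 1. CSRF check: dies unless the request carries a valid nonce for this action.
    check_admin_referer( 'example_change_password' );

    $target_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $current   = isset( $_POST['current_password'] ) ? (string) wp_unslash( $_POST['current_password'] ) : '';
    $new_pass  = isset( $_POST['new_password'] ) ? (string) wp_unslash( $_POST['new_password'] ) : '';
    $confirm   = isset( $_POST['confirm_password'] ) ? (string) wp_unslash( $_POST['confirm_password'] ) : '';

    // 2. Capability check: the caller must be allowed to edit the target account.
    if ( ! $target_id || ! current_user_can( 'edit_user', $target_id ) ) {
        wp_die( 'You are not allowed to edit this user.', '', array( 'response' => 403 ) );
    }

    // 3. Re-authenticate the caller against their own stored hash, and act on
    //    the boolean result instead of assuming the check succeeded.
    $caller = wp_get_current_user();
    if ( ! wp_check_password( $current, $caller->user_pass, $caller->ID ) ) {
        wp_die( 'Current password is incorrect.', '', array( 'response' => 403 ) );
    }

    // 4. Validate the new value before touching the database.
    if ( '' === $new_pass || ! hash_equals( $new_pass, $confirm ) ) {
        wp_die( 'New password is empty or does not match.', '', array( 'response' => 400 ) );
    }

    wp_set_password( $new_pass, $target_id );
    wp_safe_redirect( admin_url( 'users.php' ) );
    exit;
}
```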

The disclosure timeline details the steps taken, from receiving the submission to the vendor closing the plugins permanently. Wordfence urges users to delete miniOrange’s Malware Scanner and Web Application Firewall plugins immediately and seek alternative options.

In conclusion, the article emphasizes the importance of removing these vulnerable plugins from WordPress sites to prevent potential security risks. Wordfence users with Premium, Care, and Response subscriptions have already received protection, while free users will receive it later. It is crucial to share this information with others to ensure their sites remain secure in light of these vulnerabilities.
