Defiant, a WordPress security firm, recently revealed that a severe vulnerability in the GiveWP WordPress donation plugin could expose over 100,000 websites to takeover attacks.
The flaw, tracked as CVE-2024-5932 and with a CVSS score of 10/10, could let threat actors execute code remotely and delete arbitrary files on vulnerable websites.
According to its description, the vulnerability stems from a PHP object injection that occurs through the deserialization of untrusted input supplied to the give_title parameter.
Unauthenticated attackers could exploit the flaw to inject a PHP object; leveraging an additional Property Oriented Programming (POP) flaw could allow them to execute arbitrary code on the server remotely and delete files at will.
PHP serialization is typically used for storing complex data structures; however, when this serialized data includes PHP objects, it can become a vector for attacks if not properly sanitized upon deserialization.
In such a scenario, perpetrators could manipulate deserialized objects to trigger special functions, commonly known as “magic methods,” which could lead to full website takeovers.
GiveWP, the affected WordPress plugin, is widely used for donation and fundraising efforts. The vulnerability specifically affects the way the plugin handles the give_title post parameter, which is not included in the validation process of serialized values during donation processing.
The plugin then uses additional functions for processing and storing the user-supplied information. This includes collecting and storing user titles based on the give_title post parameter, which, if manipulated, leads to the aforementioned security risks.
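To show the difference between the weak and the hardened handling of such a field, here is an added PHP example (not GiveWP's code; function names and the sample inputs are constructed for illustration). It rejects any value that unserialize() would turn into an object, and shows how allowed_classes=false prevents magic methods of application classes from ever running if a legacy path must still call unserialize().

```php
<?php
// Added example, not the plugin's own code. Function names are hypothetical.

// Returns true if the value carries a PHP-serialized object or array,
// i.e. anything unserialize() could expand into objects with magic methods.
function contains_serialized_object(string $value): bool {
    // O: = object, C: = custom-serialized object, a: = array (may nest objects)
    return (bool) preg_match('/(?:^|[;{])\s*[OCa]:\d+:/', $value);
}

// Weak pattern: a request parameter is deserialized as-is, so any class
// with __wakeup() or __destruct() becomes reachable from user input.
function weak_title_from_request(array $post) {
    return unserialize($post['give_title'] ?? '');
}

// Hardened: treat the title as an opaque, length-bounded string and refuse
// serialized payloads before they reach any storage or processing code.
function safe_title_from_request(array $post): string {
    $raw = (string) ($post['give_title'] ?? '');
    if (contains_serialized_object($raw)) {
        error_log('Rejected serialized payload in give_title: ' . substr($raw, 0, 40));
        return '';
    }
    return substr(trim(strip_tags($raw)), 0, 64);
}

// If legacy code must deserialize, forbid class instantiation entirely:
// objects become __PHP_Incomplete_Class and no application magic method runs.
function safe_unserialize(string $data) {
    return unserialize($data, ['allowed_classes' => false]);
}

// Constructed inputs: a normal title and a harmless serialized stdClass
// that stands in for untrusted serialized data.
$benign     = ['give_title' => 'Dr.'];
$suspicious = ['give_title' => 'O:8:"stdClass":1:{s:1:"a";s:1:"b";}'];

echo 'benign title     : '; var_dump(safe_title_from_request($benign));
echo 'suspicious title : '; var_dump(safe_title_from_request($suspicious));
echo 'restricted unserialize: '; var_dump(safe_unserialize($suspicious['give_title']));
```

The first two calls print the accepted title and an empty string; the third shows the object arriving as __PHP_Incomplete_Class rather than a live instance of an application class.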
Developers addressed the issue by releasing version 3.14.2 of the vulnerable plugin. Owners of WordPress websites that use this plugin should immediately update the plugin to its latest version to mitigate risks associated with this flaw.
Despite the fix, there is significant concern that tens of thousands of websites remain unpatched, which is particularly troubling given the plugin's extensive download activity: over 60,000 downloads in the past week alone, according to WordPress statistics.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.