Criminals are exploiting a critical vulnerability in a WordPress gift card plugin installed on more than 50,000 websites, security researchers warn.
The flaw, tracked as CVE-2022-45359, is an arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium WordPress plugin with a 9.8 (critical) CVSS v3 rating.
Perpetrators can exploit the flaw to upload any type of file to vulnerable websites, including web shells and backdoors that give them further access and remote code execution privileges.
The vulnerability affects versions 3.19.0 and earlier of the WordPress plugin due to a lack of capability checks and file type validation in one of the plugin’s functions.
“The vulnerability, reported by security researcher Dave Jong and publicly disclosed on November 22, 2022, impacts plugin versions up to and including 3.19.0 and allows unauthenticated attackers to upload executable files to WordPress sites running a vulnerable version of the plugin,” WordFence said in a security advisory. “This allows attackers to place a back door, obtain Remote Code Execution, and take over the site.”
According to security researchers, unexpected POST requests to wp-admin/admin-post.php
from unknown IP addresses might be solid indicators of compromise. Experts have also isolated a handful of payloads that could be used to determine if a website has been compromised, including:
shell[.]prinsh[.]com
, has a normalized SHA256 hash of 1a3babb9ac0a199289262b6acf680fb3185d432ed1e6b71f339074047078b28c
3c2c9d07da5f40a22de1c32bc8088e941cea7215cbcd6e1e901c6a3f7a6f9f19
8cc74f5fa8847ba70c8691eb5fdf8b6879593459cfd2d4773251388618cac90d
The researchers also noted that while the attacks were initiated from over 100 IP addresses, most of them originated from just two:
Last but not least, users running vulnerable versions (up to and including 3.19.0) of the YITH WooCommerce Gift Card Premium plugin are advised to update to the latest version available.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024