{"id":42512,"date":"2021-10-14T13:07:32","date_gmt":"2021-10-14T13:07:32","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=c6401c8763fc862487e5acf9149362ea"},"modified":"2021-10-14T13:07:32","modified_gmt":"2021-10-14T13:07:32","slug":"wordpress-plugin-exploit-puts-over-90000-sites-at-risk","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/wordpress-plugin-exploit-puts-over-90000-sites-at-risk\/","title":{"rendered":"WordPress plugin exploit puts over 90,000 sites at risk"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/bobby-hellard\">Bobby Hellard<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">14 Oct, 2021<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p>Researchers have unearthed a series of vulnerabilities that could have compromised thousands of <a href=\"https:\/\/www.itpro.co.uk\/network-internet\/web-browser\/359255\/wordpress-may-ban-googles-floc-third-party-cookies-alternative\">WordPress<\/a> websites.<\/p>\n<p>Potentially exploitable bugs were found in the Brizy\u00a0Page Builder, a WordPress plugin that is installed across more than 
90,000 websites, according to security firm Wordfence.<\/p>\n<p>The company&#8217;s Threat Intelligence team reported the issues in August and a fix was released shortly afterwards, but it&#8217;s likely that a number of installations still remain <a href=\"https:\/\/www.itpro.co.uk\/security\/27713\/the-importance-and-benefits-of-effective-patch-management\">unpatched<\/a>. If exploited, the flaws could allow attackers to carry out a &#8220;complete site takeover&#8221; and add <a href=\"https:\/\/www.itpro.co.uk\/malware\/28076\/what-is-malware\">malicious code<\/a> to existing posts.<\/p>\n<p>The vulnerabilities could also allow any registered user, including subscribers, to pass as an administrator and modify posts and pages, even those that had already been published on a site.<\/p>\n<p>Wordfence&#8217;s Threat Intelligence team said it stumbled upon the vulnerability while conducting a routine review of the Wordfence firewall in July. 
It said the plugin &#8220;did not appear&#8221; to be under active attack, but the team was led to believe that something was amiss following\u00a0&#8220;unusual traffic&#8221;.<\/p>\n<p>&#8220;The unusual traffic led us to discover two new vulnerabilities as well as a previously patched access control vulnerability in the plugin that had been reintroduced,&#8221; Wordfence wrote in a blog post. &#8220;Both new vulnerabilities could take advantage of the access control vulnerability to allow complete site takeover.&#8221;<\/p>\n<p>A patched version of the Brizy\u00a0Page Builder plugin was released on 24 August, just a few days after Wordfence disclosed the vulnerability. Wordfence &#8220;strongly recommends&#8221; users update to the latest version of the Brizy\u00a0Page Builder (2.3.17) as soon as possible. 
<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Bobby Hellard<\/p>\n<p>        14 Oct, 2021    <\/p>\n<p>      Researchers have unearthed a series of vulnerabilities that could have compromised thousands of WordPress websites.<br \/>\nPotentially exploitable bugs were found in the Brizy\u00a0Page Builder, a WordPres&#8230;<\/p>\n","protected":false},"author":403,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-42512","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42512","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/403"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=42512"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42512\/revisions"}],"predecessor-version":[{"id":42513,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42512\/revisions\/42513"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=42512"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=42512"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=42512"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}