Security researchers from RIPS Technologies (RIPSTECH) released details of an unpatched security flaw that affects WordPress, one of the internet’s most popular content management system’s (CMS). The vulnerability was reported to WordPress November of last year, but WordPress has failed to release a patch. The vulnerability affects the WordPress core and not one of its many plugins or themes.

By exploiting the vulnerability, the attacker has the capability to delete any file of the WordPress Installation and any other file on the server on which the PHP process user has the proper permissions to delete. Besides possibly deleting the whole WordPress Installation which can be disastrous, an attacker could have the capability of arbitrary file deletion to circumvent some security measures and to execute arbitrary code on the webserver.

Although exploiting the vulnerability would require an attacker to have gained access to edit and delete media files in advance. The vulnerability then can be used to escalate privileges achieved through the takeover of an account with a role as low as Author, or through the exploitation of another vulnerability/mis-configuration. This can then lead to the hijacking of a site. The hijacking could occur by the attackers deleting the wp-config.php, which is the config file for the site. After deleting the file an attacker can re-initiate installation process and install the site using their own settings, effectively hijacking the site to distribute custom or malicious content.

At this time there is no patch available to fix this vulnerability. Any version of WordPress, including the current 4.96 version, is vulnerable. There is a temporary hotfix developed by RIPS team that can be integrated into an existing WordPress installation. The fix should be seen as a temporary fix to prevent attacks.

Read more: RIPSTECH




Register for your FREE Threat Check today: