All In One SEO Plugin Patches Severe Vulnerabilities

Posted by WP Tavern on December 14, 2021 at 7:42 pm
The All In One SEO plugin has patched a set of severe vulnerabilities that were discovered by the Jetpack Scan team two weeks ago. Version 4.1.5.3, released December 8, includes fixes for a SQL Injection vulnerability and a Privilege Escalation bug.

Marc Montpas, the researcher who discovered the vulnerabilities, explained how they could be exploited:

"If exploited, the SQL Injection vulnerability could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).

The Privilege Escalation bug we discovered may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites."

The Common Vulnerability Scoring System (CVSS) gave the vulnerabilities High and Critical scores for exploitability.

Montpas explained that All In One SEO failed to secure the plugin’s REST API endpoints, allowing users with low-privileged accounts (such as subscribers) to bypass the privilege checks and gain access to every endpoint the plugin registers. This includes a particularly sensitive htaccess endpoint, which is capable of rewriting a site’s .htaccess file with arbitrary content. Montpas said an attacker could abuse this feature to hide .htaccess backdoors and execute malicious code on…
