Wordfence warns of WordPress plugin vulnerability allowing site deletion – TechGenix

Researchers at Wordfence warned of a vulnerability (CVE-2021-39333) affecting a known WordPress plugin. The plugin, HashThemes Demo Importer, has a vulnerability (rated 8.1 on the CVSS scale) that, when exploited, can cause a full reset of a WordPress site. This would effectively wipe any trace of prior data on a WordPress site, whether written content or media.
This latest plugin vulnerability is one of several that have plagued the popular WordPress blog-building program over the past few years.
Wordfence explains in the following excerpt the core cause of the HashThemes Demo Importer vulnerability:
The Hashthemes demo importer plugin failed to perform capability checks for many of its AJAX actions. While it did perform a nonce check, the AJAX nonce was visible in the admin dashboard for all users, including low-privileged users such as subscribers. The most severe consequence of this was that a subscriber-level user could reset all of the content on a given site.
 
Any logged-in user could trigger the hdi_install_demo AJAX function and provide a parameter set to true, resulting in the plugin running its database_reset function. This function wiped the database by truncating every database table on the site except for wp_options, wp_users, and wp_usermeta. Once the database was wiped, the plugin would then run its clear_uploads function, which deleted every file and folder in wp-content/uploads.
Users of Wordfence Premium were protected from this via a firewall alteration. Wordfence also states in its post that it first contacted the developers of HashThemes in late August. It took the developers a month to respond, and when they finally did, they released a patch that they neglected to mention in their changelog. The most up-to-date patch is, as of this article’s writing, patch 1.1.2. The best course of action is to install the HashThemes Demo Importer update if you have not already done so. There are no workarounds for this vulnerability, so the quicker, the better.
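The root cause Wordfence describes, AJAX handlers that verify a nonce but never check the caller's capability, can be looked for when reviewing plugin source. The Python script below is an added example, not code from Wordfence or HashThemes; the PHP sample and its demo_* names are constructed, and the matching is a regex heuristic.

```python
import re
# Constructed sample plugin source (not HashThemes code): both handlers verify
# the nonce, but only the second also checks a capability.
SAMPLE_PHP = r"""<?php
add_action('wp_ajax_demo_reset', 'demo_reset_cb');
add_action('wp_ajax_demo_import', array($this, 'demo_import_cb'));
function demo_reset_cb() {
    check_ajax_referer('demo-nonce', 'security');
    if (!empty($_POST['reset'])) { demo_wipe_tables(); }
    wp_send_json_success();
}
function demo_import_cb() {
    check_ajax_referer('demo-nonce', 'security');
    if (!current_user_can('manage_options')) { wp_send_json_error('forbidden', 403); }
    demo_run_import();
}
"""

# Authenticated AJAX hooks only; wp_ajax_nopriv_* serves logged-out visitors.
HOOK_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_(?!nopriv_)(\w+)['\"]\s*,\s*(.+?)\)\s*;")

def function_body(src, name):
    """Return the body of PHP function `name`, or None if it is not in src."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:  # naive brace count; ignores strings/comments
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """List (action, finding) for handlers whose body never calls current_user_can()."""
    findings = []
    for action, cb_expr in HOOK_RE.findall(src):
        names = re.findall(r"['\"](\w+)['\"]", cb_expr)
        body = function_body(src, names[-1]) if names else None
        if body is None:
            findings.append((action, "callback not resolved, review by hand"))
        elif "current_user_can" not in body:
            has_nonce = re.search(r"check_ajax_referer|wp_verify_nonce", body)
            findings.append((action, "nonce only, no capability check"
                             if has_nonce else "no nonce, no capability check"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PHP))
```

A handler that delegates its capability check to a helper function will still be flagged, so each finding is a prompt for manual review.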
Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.