Vulnerability in a WordPress plugin allows running cryptominers on sites

A dangerous vulnerability has been fixed in the popular AMP plugin for WordPress. It allows users of WordPress sites with any privilege level to make changes that require administrative rights.

According to researchers from WebARX Security, the plugin does not provide a mechanism for checking the privilege level of the currently logged-in user. As a result, any user logged in to the site can access the API, which should be available only to administrators.

API calls are made using the Ajax framework. They are, in essence, “hooks” used by administrators to interact with third-party and external functions necessary to manage the site.

“In the development of plug-ins for WordPress, there is the possibility of registering Ajax hooks that allow you to invoke functionality directly. The main problem is that these ‘hooks’ of Ajax can be called by any registered user (regardless of privilege level),” the researchers explained.

The vulnerability affects the ampforwp_save_steps_data hook, which is called to save settings during installation. With its help, an attacker can perform various actions on the site, including placing ads, injecting their own HTML code, and manually loading other WordPress plugins, cryptocurrency miners or JavaScript malware.
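The missing check described above, shown on a hypothetical settings-saving handler (an added example, not AMP for WP's code or its actual fix; the `myplugin_*` names, the nonce action and the option key are assumptions made for illustration):

```php
<?php
// Added illustration on a hypothetical plugin. All myplugin_* names are made up.
// A callback on wp_ajax_{action} runs for ANY logged-in user who sends
// action={action} to wp-admin/admin-ajax.php, whatever their role.

// Before: nothing checks who is calling, so a subscriber can change settings.
// (It was registered exactly like the hardened handler at the bottom.)
function myplugin_save_settings_unsafe() {
    update_option( 'myplugin_header_html', wp_unslash( $_POST['header_html'] ) );
    wp_send_json_success();
}

// After: nonce check, capability check, then input filtering.
function myplugin_save_settings() {
    // 1. Request origin: the nonce is issued only on the admin settings page.
    //    check_ajax_referer() ends the request with a 403 if it does not match.
    check_ajax_referer( 'myplugin_save_settings', 'nonce' );

    // 2. Authorization: being logged in is not enough; require the
    //    capability that guards site-wide options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Input: accept a string only, and filter the markup unless the
    //    caller is allowed to store unfiltered HTML.
    $raw = '';
    if ( isset( $_POST['header_html'] ) && is_string( $_POST['header_html'] ) ) {
        $raw = wp_unslash( $_POST['header_html'] );
    }
    $html = current_user_can( 'unfiltered_html' ) ? $raw : wp_kses_post( $raw );

    update_option( 'myplugin_header_html', $html );
    wp_send_json_success();
}
add_action( 'wp_ajax_myplugin_save_settings', 'myplugin_save_settings' );
```

When auditing a plugin, every `wp_ajax_` registration whose callback writes options, files or posts should reach a `current_user_can()` call before the write.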

The vulnerability is fixed in AMP version 0.9.97.20.