Certain critical and also high severity vulnerabilities within the known Responsive Menu WordPress plugin that was responsible for exposing over 100,000 sites to certain takeover attacks that were also reportedly discovered by Wordfence. Responsive Menu is actually a WordPress Plugin that is initially designed in order to help admins be able to create W3C compliant as well as mobile-ready responsible site menus.
WordPress vulnerability
While the plugin description on WordPress seems completely normal, the new information regarding the particular exposure by Bleeping Computer notes otherwise. In all, it was said that the Wordfence Threat Intelligence team were actually able to find three different vulnerabilities that can possibly be exposed by hackers along with basic user permissions for them to upload certain arbitrary files and even remotely execute the said arbitrary code.
The very first flaw would enable some authenticated attackers to be able to upload certain arbitrary files which would eventually allow them to be able to achieve remote code execution. The two of the other vulnerabilities reportedly allow a particular potential threat actor to be able to forge requests in order to modify certain plugin settings of the said plugin.This, in turn, would then allow them to upload certain arbitrary files allowing code execution to be done remotely.
Vulnerability exposure
To abuse the said critical vulnerability, the attackers were found logged in as normal subscribers or just another low-level user that needs to upload the menu themes archived as a particular ZIP file that practically contain some malicious PHP files. After the whole archive is then extracted for installation, the hacker is said to be able to access the files through a site frontend in order to remotely execute the said malicious code which would then ultimately lead towards a full site takeover.
ExpressTech, the said company that is behind the Responsive Menu has already patched the security issue some time last January of 2021. This patch followed the multiple contact attempts that have been made just between December 17 and January 4. The report inquiries were all then eventually answered on January 10 which was when after the whole Wordfence escalate happened to the said WordPress Plugins team.
Read Also: Brazil Sees 102 Million Customer Data Exposed, including President Bolsonaro's in Recent Hack
How do I protect my WordPress site?
Ever since the security issue impact of the now popular Responsive Menu versions 4.0.0 all the way up to 4.0.3, or basically the ones running in the legacy mode, users are now asked to immediately update their Plugin to the version 4.0.4 which would then address the bugs and also prevent exploitation attempts. Wordfence then gave a statement saying all of the three vulnerabilities could then lead towards a site takeover.
This, of which, could also have other consequences which would include backdoors, malicious redirects, spam injections, and even other particularly malicious activities. The patch version was reportedly released on January 19 with just a little over 50,000 new downloads that have well been recorded up until yesterday all based on the stats available on the popular WordPress plugin's repository.
Related Article: Instagram Now Detects Harassing Private DMs, Issues Stricter Penalty Warnings
This article is owned by Tech Times
Written by Urian Buenconsejo