WordPress 0-day vulnerability

WordPress has had plenty of vulnerabilities, but they usually live in plugins. Not this time: a Finnish security researcher has disclosed a zero-day vulnerability in the core of the WordPress content management system.

The WordPress CMS, used by millions of websites, is vulnerable to a zero-day flaw that can end in remote code execution on the web server and full control of the site.
The flaw itself is not server-side code execution: it is a stored Cross-Site Scripting (XSS) bug in WordPress's comment system, found by Jouko Pynnönen of the Finland-based security firm Klikki Oy. Script running in an administrator's browser can do anything the administrator can, including creating new admin accounts and editing plugin or theme files through the built-in editors, and those files are PHP that the server executes.
The vulnerability affects WordPress 3.9.3, 4.1.1, 4.1.2 and 4.2, the latest release at the time of writing.
How the 0-day exploit works

The researcher's proof-of-concept exploit works by posting a comment that contains JavaScript and padding it to about 66,000 characters, just over 64 KB. The comment passes WordPress's sanitization in full, but when it is stored MySQL silently truncates it to 65,535 bytes, the size of the TEXT column that holds comment text, so the HTML that is later served back is cut off at a point the sanitizer never saw.
When an administrator views the comment, on the post or in the admin interface, the script runs in the administrator's browser without any visible sign.
By default, WordPress holds a commenter's first comment for moderation and does not publish it until an administrator approves it; once one comment from an author has been approved, later comments from the same author are published automatically.
An attacker gets past that check by first posting a harmless comment. Once the administrator approves it, the malicious comment that follows is published to the same post straight away, and from then on the administrator only needs to load a page that displays it.
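The sanitize-then-truncate mismatch described above, as an added example in Python rather than WordPress's PHP. It is neither WordPress code nor the researcher's proof of concept: the allow-list sanitizer, its regexes, the storage stub and the padded `<a>` comment are all constructed for the demo, and the `onmouseover` string is inert text inside an attribute value. Only two figures are real: the 65,535-byte MySQL TEXT column limit and the 66,000-character padding quoted on this page.

```python
"""Added example (not WordPress's code, not the researcher's PoC): a model of
the sanitize-then-truncate mismatch behind the comment bug.  A small allow-list
sanitizer approves the whole comment, a simulated MySQL TEXT column silently
cuts it at 65,535 bytes, and the stored markup no longer has the shape the
sanitizer approved.  The allow-list, regexes and the comment are constructed."""
import html
import re

TEXT_COLUMN_LIMIT = 65535   # MySQL TEXT column size in bytes (real figure)
PADDING = 66000             # the page's "66,000 characters": just past the limit

# Constructed allow-list, loosely modelled on what commenters are allowed to use.
ALLOWED_TAGS = {"a": {"href", "title"}, "b": set(), "i": set(), "em": set(), "strong": set()}

TAG_RE = re.compile(r"<(/?)([A-Za-z]+)([^>]*)>")
ATTR_RE = re.compile(r"""([A-Za-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")


def sanitize(comment: str) -> str:
    """Rebuild every tag from the allow-list and drop the rest.  Attribute values
    are re-quoted and escaped, so an event handler such as onmouseover can only
    survive as inert text *inside* a quoted value, never as an attribute."""
    def rebuild(m: re.Match) -> str:
        closing, name, raw_attrs = m.group(1), m.group(2).lower(), m.group(3)
        if name not in ALLOWED_TAGS:
            return ""                       # unknown tag removed entirely
        if closing:
            return f"</{name}>"
        kept = []
        for am in ATTR_RE.finditer(raw_attrs):
            key = am.group(1).lower()
            val = am.group(2) or am.group(3) or am.group(4) or ""
            if key in ALLOWED_TAGS[name]:
                kept.append(f'{key}="{html.escape(val, quote=True)}"')
        return f"<{name}" + "".join(" " + a for a in kept) + ">"
    return TAG_RE.sub(rebuild, comment)


def store(sanitized: str) -> str:
    """Simulate INSERT into a TEXT column with MySQL strict mode off:
    the value is truncated to 65,535 bytes without any error."""
    return sanitized.encode("utf-8")[:TEXT_COLUMN_LIMIT].decode("utf-8", "ignore")


def markup_is_dangling(stored: str) -> bool:
    """True if the last tag opened in the stored text was never closed or has an
    unterminated quoted attribute, i.e. the browser will parse markup that the
    sanitizer never approved."""
    last_open = stored.rfind("<")
    if last_open == -1:
        return False
    tail = stored[last_open:]
    return ">" not in tail or tail.count('"') % 2 == 1


def build_comment(js: str, padding: int = PADDING) -> str:
    """Constructed attacker input: an allowed <a> whose title value carries an
    event-handler-looking string, padded so the *sanitized* result overflows
    the column."""
    return f"<a title='x onmouseover={js} {'A' * padding}'>link</a>"


def vulnerable_pipeline(comment: str) -> str:
    """Old flow: sanitize, then let the database truncate whatever it gets."""
    return store(sanitize(comment))


def hardened_pipeline(comment: str) -> str:
    """Fixed flow: refuse anything the column cannot hold, measured *after*
    sanitizing, so what was approved is byte-for-byte what is served back."""
    clean = sanitize(comment)
    if len(clean.encode("utf-8")) > TEXT_COLUMN_LIMIT:
        raise ValueError("comment too long")
    return store(clean)


if __name__ == "__main__":
    evil = build_comment("alert(1)")
    approved = sanitize(evil)
    served = vulnerable_pipeline(evil)
    print("sanitizer approved a well-formed tag:", not markup_is_dangling(approved))
    print("stored copy is cut off mid-tag:      ", markup_is_dangling(served))
    print("served tail:", repr(served[-40:]))
    try:
        hardened_pipeline(evil)
    except ValueError as e:
        print("hardened path rejects it:", e)
```

Run stand-alone, it reports that the sanitizer approved a well-formed tag while the stored copy ends mid-tag, and that the hardened path rejects the comment. The design point is where the length check sits: it has to be applied to the sanitized output, since escaping and re-quoting change the size, and it has to happen before the database gets a chance to truncate silently. Turning on MySQL strict mode, which makes the oversized INSERT fail instead of truncating, is the matching defence on the storage side.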
The researcher has published a video demonstrating the exploit.
If you are running one of the versions listed above, update now.
WordPress has already released a fix, version 4.2.1.