Vulnerability in widely-used WordPress plugin could allow full site takeover
WooCommerce has made ecommerce website building and developing easy with multiple plugins automating the tasks without any coding knowledge. TI WooCommerce Wishlist is one such plugin which enables the customers to add any product to their wishlist and buy them later. A flaw in this plugin enables the user (customer) to attain the admin status.
TI WooCommerce Wishlist has more than 70,000 active installations and a critical vulnerability like this could grant the attackers full administrative access to the website, including the risk of modification, deletion or even take over the entire site’s database.
The bug in the TI WooCommerce Wishlist Plugin has been patched in the latest version (1.21.12). More than 70,000 active users are rushed to update the existing version to the latest to fix the bug. However, half the crowd is yet to update and all the client data are open for an attack.
WooCommerce being the widely used tool enable a hacker to take control of the targeted site, due to lack of compatibility check and other flaws.
The plugin has an import function in the ti-woocommerce-wishlist/includes/export.class.php script, loaded with the WordPress admin_action_ hook, that lacks a capability check and security nonce, allowing an authenticated user to modify the content of the WordPress options table in the database
How do the hackers gain access? Simple, the hacker enables the registration by setting the users_can_register option and then creates an admin account by modifying the default_role to administration.
Though WooCommerce blocks non-admin users from entering the WP admin dashboard by default, the hacker can bypass the restriction rule easy and gain admin access.
So, how to prevent such attacks despite RCE flaws in the “plugins”?
A Web application Firewall Modshield SB secures your website from any such RCE flaw. Strongbox IT has designed the WAF (Web Application Firewall) in such a way to recognize these RCE flaws and secure your website from threats and attacks.
Why Modshield SB?
Modshield SB has unique features from any other WAF at just $0.58/hr which sums to $419/month approximately. These features include but not limited to:
- Unlimited Applications support,
- OWASP top 10 Coverage,
- Built-in Load Balancer,
- Application DLP,
- SSL Support,
- IP Whitelist/Blacklist,
- Country Whitelist/Blacklist,
- IP Reputation based Filters,
- Bot/Crawler Protections,
- TOR IPs/Scanners protection,
- Unlimited Core Rule Sets,
- Log Forwarding/Archival,
- Lifetime Free Support, and
- VM for Physical/Other Cloud Infrastructure.
Strongbox also provides different options to get Modshield SB – AWS Marketplace, Azure Marketplace, Google Cloud Marketplace, and also as a Physical VM ware.
The best part is, you can try Modshield SB free for 14 days* from any of these platforms.
References: https://portswigger.net/daily-swig/vulnerability-in-wordpress-plugin-ti-woocommerce-wishlist-could-allow-full-site-takeover
https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-ti-woocommerce-wishlist-plugin/