Wordfence, a WordPress security software company, published details about a vulnerability in the popular WordPress SEO plugin SEOPress. Before making the announcement, Wordfence communicated the details of the vulnerability to the publishers of SEOPress, who promptly fixed the issue and released a patch.
According to Wordfence:
“This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site which would execute anytime a user accessed the “All Posts” page.”
The US government's National Vulnerability Database lists the score supplied by Wordfence, acting as the CNA (CVE Numbering Authority) for this issue, as a medium severity rating of 6.4 on the CVSS scale of 0 to 10.
The weakness enumeration is categorized as CWE-79:
“Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)”
The vulnerability affects SEOPress versions 5.0.0 – 5.0.3; the release that followed contains the fix.
What Is the SEOPress Vulnerability?
The official SEOPress changelog did not really describe the vulnerability or disclose that there was one.
This is not a criticism of SEOPress; it is simply worth noting that the changelog described the problem in vague terms:
“INFO Strengthening security (thanks to Wordfence)”
Screenshot of SEOPress Changelog
The issue allowed any authenticated user, with privileges as low as a subscriber, to update the SEO title and description of any post. Because the plugin did not sanitize this input for scripts and other unexpected markup, an attacker could store a malicious script in those fields that would then execute in the browser of anyone who viewed the “All Posts” page, a stored cross-site scripting (XSS) attack.
Although this vulnerability is rated as medium by the National Vulnerability Database (likely because it requires an account, so it only matters on sites that allow user registration, such as sites with subscribers), Wordfence cautions that an attacker could “easily” take over a vulnerable website under those circumstances.
Wordfence said this about the cross-site scripting (XSS) vulnerability:
“…cross-site scripting vulnerabilities such as this one can lead to a variety of malicious actions like new administrative account creation, webshell injection, arbitrary redirects, and more.”
Cross-site scripting (XSS) attack vectors are typically found wherever someone can enter data. Anywhere user input is accepted, such as a contact form, a comment box, or an API endpoint, is a potential source of an XSS vulnerability.
Software developers are supposed to “sanitize” inputs, meaning they check that what is being entered is not something unexpected (for example, HTML tags in a field that should only ever hold plain text), and they are also supposed to escape stored data when it is written into a page so that the browser treats it as text rather than as markup. A stored XSS bug like this one means both safeguards were missing on the path from the request to the admin page.
REST API Input Was Insecure
This particular vulnerability affected the input used to set the SEO title and description of a post. Specifically, it was reachable through what is known as the WordPress REST API.
The WordPress REST API is an HTTP interface through which plugins and external applications can read and modify WordPress content; plugins can also register their own endpoints on it.
With the REST API, a plugin can interact with a WordPress site and modify its content without going through the traditional admin screens.
The WordPress documentation describes it like this:
“Using the WordPress REST API you can create a plugin to provide an entirely new admin experience for WordPress, build a brand new interactive front-end experience, or bring your WordPress content into completely separate applications.”
According to Wordfence, the SEOPress REST API endpoint was implemented insecurely: the plugin did not properly sanitize the input it received through this route, and the route was callable by any logged-in user rather than only by users allowed to edit the post in question.
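As an added illustration (not SEOPress's code and not the actual patch, which the article does not reproduce), the following sketch shows the shape of the problem Wordfence describes in a hypothetical plugin: a REST route whose permission check only asks whether a user is logged in and which stores request parameters verbatim, beside a hardened version that ties the permission to the edit capability for the specific post, sanitizes the parameters, and escapes the stored values when the “All Posts” list table renders them. The namespace, route, meta keys and function names are all invented for the example.

```php
<?php
/*
 * Hypothetical illustration of the bug class described above. Not SEOPress code.
 * Route, meta keys and function names are invented for the example.
 */

// --- Vulnerable shape (shown for contrast; never hooked in) ---------------
function example_seo_register_vulnerable_route() {
    register_rest_route( 'example-seo/v1', '/posts/(?P<id>\d+)/title-description', array(
        'methods'             => WP_REST_Server::EDITABLE,
        // Only asks "is anyone logged in?", so a subscriber passes and can
        // target any post id they like.
        'permission_callback' => function () {
            return is_user_logged_in();
        },
        'callback'            => function ( WP_REST_Request $request ) {
            $id = (int) $request['id'];
            // Raw request values stored verbatim: a <script> tag survives into
            // the database and is later printed on an admin screen.
            update_post_meta( $id, '_example_seo_title', $request->get_param( 'title' ) );
            update_post_meta( $id, '_example_seo_desc', $request->get_param( 'description' ) );
            return rest_ensure_response( array( 'updated' => $id ) );
        },
    ) );
}

// --- Hardened shape -------------------------------------------------------
function example_seo_register_hardened_route() {
    register_rest_route( 'example-seo/v1', '/posts/(?P<id>\d+)/title-description', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'args'                => array(
            'id'          => array(
                'validate_callback' => function ( $value ) { return is_numeric( $value ); },
            ),
            // sanitize_text_field / sanitize_textarea_field strip tags and
            // control characters before the callback ever sees the value.
            'title'       => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_text_field' ),
            'description' => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_textarea_field' ),
        ),
        // Capability check bound to *this* post: a subscriber has no edit_post
        // capability, and an author cannot touch posts that are not theirs.
        'permission_callback' => function ( WP_REST_Request $request ) {
            return current_user_can( 'edit_post', (int) $request['id'] );
        },
        'callback'            => 'example_seo_update_title_description',
    ) );
}
add_action( 'rest_api_init', 'example_seo_register_hardened_route' );

function example_seo_update_title_description( WP_REST_Request $request ) {
    $id = (int) $request['id'];
    if ( ! get_post( $id ) ) {
        return new WP_Error( 'example_seo_not_found', 'No such post.', array( 'status' => 404 ) );
    }
    // Already sanitized by the arg callbacks; sanitizing again here costs
    // nothing and protects the function if it is ever called directly.
    $title = sanitize_text_field( (string) $request->get_param( 'title' ) );
    $desc  = sanitize_textarea_field( (string) $request->get_param( 'description' ) );
    update_post_meta( $id, '_example_seo_title', $title );
    update_post_meta( $id, '_example_seo_desc', $desc );
    return rest_ensure_response( array( 'id' => $id, 'title' => $title, 'description' => $desc ) );
}

// --- Output side: the "All Posts" list table -------------------------------
// Escape at render time regardless of what is in the database, so a value
// written by an older, unsanitized code path still cannot execute.
add_filter( 'manage_posts_columns', function ( $columns ) {
    $columns['example_seo_title'] = 'SEO title';
    return $columns;
} );
add_action( 'manage_posts_custom_column', function ( $column, $post_id ) {
    if ( 'example_seo_title' === $column ) {
        echo esc_html( get_post_meta( $post_id, '_example_seo_title', true ) );
    }
}, 10, 2 );
```

The two halves are independent defences: the `permission_callback` and `sanitize_callback` stop a low-privilege account from writing markup in the first place, and `esc_html()` at render time makes the admin page safe even for rows that were written before the fix. When auditing a plugin for this class of bug, check every `register_rest_route()` call for a `permission_callback` that returns a blanket `is_user_logged_in()` or `__return_true`, and then follow each stored parameter to the place where it is echoed.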
Citations
Wordfence SEOPress Vulnerability Announcement
National Vulnerability Database entry on the SEOPress Stored Cross-Site Scripting issue