Skip to main content

Wordpress plugins with zero-day vulnerabilities

Three WordPress plugins have zero-day vulnerabilities which can give attacker remote access to the compromised site without having to authenticate themselves.
Threat ID:
CC-1687
Category:
Exploit
Threat Severity:
Low
Threat Vector:
Zero day
Published:
9 October 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Three WordPress plugins have zero-day vulnerabilities which can give attacker remote access to the compromised site without having to authenticate themselves.

Threat details

The affected plugins are exploited by a simple PHP object interaction however the attack works differently on Flickr gallery than it does on RegistrationMagic and Appointments. In Flickr the attacker would need to send the exploit as a POST request to the site's root URL. The other two sites were exploitable in the same way but the request would go through admin-ajax.php instead.

Once the exploit is completed a PHP backdoor is created and saved to a location of choice by the attacker where they can remotely exploit the compromised website.

Remediation steps

Type Step
  • Ensure that any of the affected plugins are updated to the most recent version.

Last edited: 17 February 2020 11:41 am