The Code Snippets WordPress plugin has 200,000+ active installations. Another security vendor published details of a high-severity flaw that lets anybody forge a request on behalf of an administrator and potentially inject malicious code into a vulnerable website.
Vulnerability: Critical CSRF to RCE
Vulnerable version: fixed in version 2.14.0
Number of sites affected: 200,000+
This issue could cause complete site takeovers. Vulnerabilities of this magnitude are quickly targeted by adversaries, so update to the patched version immediately!
The vulnerability affects all versions of the Code Snippets WordPress plugin lower than 2.13.3. A patch has been released, and the vulnerability is fixed in version 2.14.0.
Import function missed CSRF protection
Cross-site request forgery (CSRF) is an attack in which unauthorized commands are transmitted from a user that the web application trusts. Without CSRF protection, the website administrator can be tricked into creating an admin account for the attacker, or the attacker could infect users, steal sensitive data and more.
Code snippets could be enabled during import
Even though code snippets were set to be disabled by default during import, the default settings could easily be bypassed by modifying the JSON body containing the code import details.
This escalates the severity of the issue, since the attacker can inject malicious code that is executed whenever someone visits the site.
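The two server-side checks whose absence is described above, as an added example that is not the plugin's code: a framework-neutral Python model of an import handler that rejects requests lacking a session-bound anti-CSRF token and never takes the activation flag from the request body. The `snippets`, `name`, `code` and `active` field names, the function names and the secret are assumptions made for illustration.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # per-site secret; constructed for this example


def issue_token(session_id: str, action: str = "import_snippets") -> str:
    """Token bound to one admin session and one action, embedded in the import form."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def import_snippets(session_id: str, is_admin: bool, token: str, body: str) -> list:
    """Return the snippets that would be stored; raise PermissionError on a forged request."""
    if not is_admin:
        raise PermissionError("not an administrator")
    # First flaw on the page: the session cookie alone was accepted.
    # A cross-site page can make the browser send the cookie, but cannot read the token.
    if not hmac.compare_digest(token, issue_token(session_id)):
        raise PermissionError("missing or invalid anti-CSRF token")
    stored = []
    for item in json.loads(body).get("snippets", []):
        stored.append({
            "name": str(item.get("name", "")),
            "code": str(item.get("code", "")),
            # Second flaw on the page: the flag in the JSON body decided activation.
            # Imported snippets are always stored disabled, whatever the body says.
            "active": False,
            # Kept only so an audit log can show that the file asked for activation.
            "requested_active": bool(item.get("active")),
        })
    return stored


# Constructed import body in which the file asks for its snippet to be switched on.
SAMPLE_BODY = json.dumps(
    {"snippets": [{"name": "demo", "code": "// placeholder", "active": 1}]}
)

if __name__ == "__main__":
    sid = "constructed-session-id"
    print(import_snippets(sid, True, issue_token(sid), SAMPLE_BODY))
```

An import that arrives with `requested_active` set is worth logging, since a legitimate export would not need to override the disabled-by-default setting.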
Timeline of the Code Snippets vulnerability
January 23rd, 2020 – Vulnerability initially discovered and analyzed by another security vendor. Initial outreach to the developer.
January 24th, 2020 – Developer confirms details and begins working on the patch.
January 25th, 2020 – Patch released.
January 29th, 2020 – Public vulnerability disclosure.
January 29th, 2020 – Firewall rules updated for WebARX customers.
We continue to closely monitor the vulnerability and will update the article over time with potential IOCs and important threat information.
The post Critical CSRF to RCE Vulnerability in WordPress Code Snippets Plugin appeared first on WebARX.