Monday, February 2, 2026


WordPress Backup Plugin Vulnerability

Vulnerability in Popular WordPress Plugin Puts Millions of Websites at Risk

The All-in-One WP Migration and Backup plugin, used by over five million websites, has been found to have a high-severity vulnerability. The flaw is severe enough to let attackers compromise a website without any user authentication, but the risk is mitigated by a restricted attack method.

What is the Vulnerability?

The vulnerability is classified as an unauthenticated PHP object injection, but it is less severe than typical PHP object injection vulnerabilities: the exploit is triggered only when a user with administrator-level credentials exports and restores a backup using the plugin.

How it Works

The plugin processes potentially malicious data during backup restoration without properly verifying it, creating an opportunity for attackers. However, the narrow attack opportunity makes exploiting the vulnerability less straightforward. If the right conditions are met, an attacker can delete files, access sensitive information, and run malicious code.


Severity and Impact

The vulnerability has been assigned a severity rating of 7.5, which is considered high but not critical. According to a report by Wordfence, the vulnerability affects versions up to and including 7.89 of the plugin. An attacker could inject a PHP object, allowing them to potentially delete arbitrary files, retrieve sensitive data, or execute code if a POP (property-oriented programming) chain is present via an additional plugin or theme installed on the target system.

Technical Details

The vulnerability is due to the deserialization of untrusted input in the ‘replace_serialized_values’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. However, an administrator must export and restore a backup in order to trigger the exploit.
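
The deserialization issue described above, shown as an added example that is not the plugin's code: a search-and-replace over serialized data written once with a bare unserialize() call and once with PHP's allowed_classes option turned off. DemoGadget, walk_replace, replace_unsafe, replace_safe and the sample record are hypothetical names and constructed data; the gadget's only side effect is setting a flag.

```php
<?php
// Added illustration, not the plugin's code. All names here are hypothetical.

// Stand-in for a class from some other plugin or theme whose magic method
// has a side effect. The side effect here is only a flag.
class DemoGadget {
    public static $fired = false;
    public $note = '';
    public function __destruct() { self::$fired = true; }
}

// Search/replace inside already-decoded data; objects are passed through untouched.
function walk_replace($value, string $from, string $to) {
    if (is_string($value)) {
        return str_replace($from, $to, $value);
    }
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = walk_replace($v, $from, $to);
        }
    }
    return $value;
}

// Unsafe: any class named in the restored data is instantiated.
function replace_unsafe(string $raw, string $from, string $to) {
    return walk_replace(unserialize($raw), $from, $to);
}

// Hardened: no class is instantiated; objects decode to inert
// __PHP_Incomplete_Class placeholders, so no magic method can run.
function replace_safe(string $raw, string $from, string $to) {
    return walk_replace(unserialize($raw, ['allowed_classes' => false]), $from, $to);
}

// Constructed sample record, as it might sit in a restored database row.
$raw = 'a:2:{s:3:"url";s:18:"http://old.example";s:1:"x";O:10:"DemoGadget":1:{s:4:"note";s:0:"";}}';

$out = replace_safe($raw, 'old.example', 'new.example');
$url = $out['url'];
unset($out);
echo "safe:   url={$url} gadget_fired=" . var_export(DemoGadget::$fired, true) . "\n";

$out = replace_unsafe($raw, 'old.example', 'new.example');
unset($out);
echo "unsafe: gadget_fired=" . var_export(DemoGadget::$fired, true) . "\n";
```

The allowed_classes option is available from PHP 7.0 onward and also accepts an explicit list of class names when specific objects must be restored.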

Recommendation

Users of the plugin are recommended to update it to the latest version, which is 7.90 at the time of writing, to patch the vulnerability. It is essential to keep plugins up to date to prevent such vulnerabilities from being exploited.

Conclusion

The discovery and patching of this vulnerability in the All-in-One WP Migration and Backup plugin highlight the importance of keeping WordPress plugins updated. Although the vulnerability has a restricted attack method, it still poses a significant risk to websites using outdated versions of the plugin. By updating to the latest version, users can protect their websites from potential attacks and ensure the security of their data.
