Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label All In One. Show all posts

All In One SEO Plugin Affects Millions of WordPress Websites

 

All in One SEO, a popular WordPress SEO-optimization plugin, contains a combination of security flaws that, when coupled into an exploit chain, might expose website owners to website takeover. 

As per Sucuri researchers, an attacker with an account on the site – such as a subscriber, shopping account holder, or member – can exploit the weaknesses, which is a privilege-escalation bug and a SQL-injection problem. 

“WordPress websites by default allow any user on the web to create an account,” researchers said in a posting on Wednesday. “By default, new accounts are ranked as a subscriber and do not have any privileges other than writing comments. However, certain vulnerabilities, such as the ones just discovered, allow these subscriber users to have vastly more privileges than they were intended to have.” 

Furthermore, the pair is ideal for straightforward exploitation, thus users must upgrade to the patched version, v. 4.1.5.3. The issues in the plugin utilized by more than 3 million websites, were discovered by Marc Montpas, an Automattic security researcher. 

The more serious of the two issues is the privilege-escalation problem, which affects All in One SEO versions 4.0.0 and 4.1.5.2. It has a significant vulnerability-severity rating of 9.9 out of 10 on the CVSS vulnerability-severity scale, owing to its simplicity of exploitation and the possibility to install a backdoor on the webserver. 

Sucuri researcher indicated that the vulnerability "can be exploited by simply changing a single character of a request to upper-case." 

Fundamentally, the plugin can send commands to different REST API endpoints while also performing a permissions check to ensure that no one is doing anything they are not authorized to do. According to the post, the REST API routes are case-sensitive, thus an attacker only needs to change the case of one character to circumvent the authentication checks. 

“When exploited, this vulnerability can overwrite certain files within the WordPress file structure, effectively giving backdoor access to any attacker,” Sucuri researchers said. “This would allow a takeover of the website, and could elevate the privileges of subscriber accounts into admins.” 

The second bug has a CVSS severity of 7.7 and impacts All in One SEO versions 4.1.3.1 and 4.1.5.2. The problem is on an API endpoint called "/wp-json/aioseo/v1/objects." As per Sucuri, if attackers abused the prior vulnerability to get admin capabilities, they would gain entry to the endpoint and also be capable of sending malicious SQL instructions to the back-end database to collect user passwords, admin information, and other sensitive information. 

In order to safeguard themselves, All in One SEO customers should update to the patched version, researchers advised.