For Website Owners: The WordPress Download Manager Plugin Has Two Vulnerabilities. Here Is How To Fix Them

The vulnerabilities were found by the Wordfence Threat Intelligence team and relate to an authenticated attacker achieving directory traversal.

 

WordPress powers many sites across the world. It has been discovered that a WordPress plugin installed on over 100,000 sites has two distinct vulnerabilities. The plugin, WordPress Download Manager, is used to customise how download pages are displayed. The vulnerabilities were found by the Wordfence Threat Intelligence team and relate to an authenticated attacker achieving directory traversal. WordPress Download Manager does have some protections against directory traversal, but they proved insufficient in this particular case.

 

Because of this, it was possible for a user with lower privileges to retrieve the contents of a site's wp-config.php file by adding a new download and performing a directory traversal attack. The contents of wp-config.php were visible in the page's source code when the download was previewed, because the file's contents were echoed out into the page source. That file holds the database credentials and the authentication keys and salts, so disclosing it can lead to a full site compromise. A user with author-level access could also upload a file or media item containing malicious JavaScript and set the download's file path to the path of the uploaded file, which could lead to stored cross-site scripting (XSS).

 

Before this, the WordPress Download Manager team had patched a vulnerability that allowed users to upload files with php4 extensions and other potentially malicious files. That patch protected many installations, but it only checked the last file extension, which made it possible for an attacker to perform a "double extension" attack by uploading a file with multiple extensions such as info.php.png. On servers where the web server maps any extension in a filename to the PHP handler (as Apache's mod_mime does with AddHandler), such a file can still be executed as PHP.
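As an added example (not the plugin's code, and in Python rather than PHP), the difference between checking only the final extension and checking every extension, plus an allowlist variant. The two extension sets are constructed for the example and should be tuned to the server's actual handler configuration.

```python
# Extensions that a typical PHP-enabled web server may hand to the script
# handler.  Constructed for the example; tune it to the server's config.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

# Extensions a download manager would reasonably allow.  Constructed list.
ALLOWED_EXTENSIONS = {"pdf", "zip", "png", "jpg", "jpeg", "gif", "txt"}


def last_extension_ok(filename: str) -> bool:
    """Check only the final extension.  This is the style of check the
    page describes as bypassable: info.php.png ends in 'png', so it passes."""
    name = filename.lower()
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    return ext not in SCRIPT_EXTENSIONS


def every_extension_ok(filename: str) -> bool:
    """Look at every dotted segment after the basename, so a script
    extension anywhere in the name (info.php.png) is refused.  Apache's
    mod_mime applies handlers to any matching extension in a
    multi-extension filename, not just the last one."""
    segments = filename.lower().split(".")[1:]
    return not any(seg in SCRIPT_EXTENSIONS for seg in segments)


def upload_allowed(filename: str) -> bool:
    """Allowlist variant: accept a plain basename with exactly one
    extension drawn from ALLOWED_EXTENSIONS.  Rejects dotfiles, path
    separators, names without an extension, and multiple extensions."""
    if filename.startswith(".") or "/" in filename or "\\" in filename:
        return False
    segments = filename.lower().split(".")
    return len(segments) == 2 and segments[0] != "" and segments[1] in ALLOWED_EXTENSIONS


if __name__ == "__main__":
    # Constructed sample file names.
    for name in ["manual.pdf", "shell.php4", "info.php.png", "archive.tar.gz", ".htaccess"]:
        print(f"{name:16} last-only={last_extension_ok(name)!s:5} "
              f"every={every_extension_ok(name)!s:5} allowlist={upload_allowed(name)}")
```

The last-extension check rejects shell.php4 but accepts info.php.png; checking every segment rejects both while still allowing archive.tar.gz. The allowlist is the strictest and also refuses dotfiles such as .htaccess, which the denylist approach would let through.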

 

The Wordfence Threat Intelligence team disclosed its findings to the WordPress Download Manager team in May, and the developers released a patch the following day. Site owners who use the plugin are advised to update to the latest version immediately.

 
