A critical privilege-escalation vulnerability tracked as CVE-2021-25036 could lead to backdoors for admin access nesting in web servers.
A popular WordPress SEO-optimization plugin, called All in One SEO. This plugin has a pair of security vulnerabilities that, when combined into an exploit chain, could leave website owners open to site takeover.
What versions are vulnerable?
For both vulnerabilities, update your plugins to version 220.127.116.11 then vulnerabilities will be patched.
Privilege Escalation and SQL Injection
The more severe issue out of the two bugs is the privilege-escalation problem. It carries a critical rating of 9.9 out of 10.
The vulnerability “can be exploited by simply changing a single character of a request to upper-case,” researchers at Sucuri explained.
“When exploited, this vulnerability has the capability to overwrite certain files within the WordPress file structure. “This would allow a takeover of the website, and could elevate the privileges of subscriber accounts into admins.”
The second bug carries a high-severity CVSS score of 7.7 and affects versions 18.104.22.168 and 22.214.171.124
All in One SEO users should update to the patched version to be safe. Additonal defensive steps include:
- Reviewing the administrator users in the system and removing any suspect ones;
- Changing all administrator account passwords; and
- Adding additional hardening to the administrator panel.
Plugin Paradise for Website Hackers
“WordPress plugins continue to be a major risk to any web application, making them a regular target for attackers.
Shadow code introduced via third-party plugins and frameworks vastly expands the attack surface for websites.”
The warning comes as new bugs continue to crop up.
Interested in a weekly cybersecurity newsletter?