HomesecurityError in WordPress plugin allows hackers to convert users into administrators

Error in WordPress plugin allows hackers to convert users into administrators

A critical privilege escalation error found in a WordPress SEO plugin, Rank Math, can allow hackers to grant administrator privileges to anyone registered with one of the 200.000 active sites if they have not downloaded patches. Rank Math is a WordPress plugin described by them developers as the "Swiss Army Knife of WordPress SEO" and is designed to help site owners attract more traffic to their sites through search engine optimization (SEO). The plugin comes with a configuration wizard that configures it through a step-by-step installation process and has support for Google Schema Markup (also known as Rich Snippets), keyword optimization, search console integration Google, Google Keyword Position Tracking, and more.

The vulnerability to privilege escalation was identified in Rank Math by Defiant's Wordfence Threat Intelligence team at an unprotected REST endpoint API. According to Defiant QA engineer Ram Gall, the successful exploitation of this bug allowed an unauthorized intruder to inform arbitrarily metadata, which included the ability to grant or revoke administrator privileges for anyone registered with website. But the worst part is that hackers could also "lock" administrators from their sites, revoking their administrator privileges, seeing that many WordPress sites have only one user as an administrator.

At the end of the REST API researchers also discovered a second bug, which allowed unauthorized intruders to generate redirects from virtually any site site to any destination they wanted. The bug was found in one of the optional modules of the Rank Math plugin that helps users create redirects to WordPress websites. According to Ram Gall, this attack could be used to block access to all existing content on a site other than the homepage, moving visitors to a site. malicious site.

In late March, the development team released Rank Math 1.0.41, an up-to-date update version containing fixes for REST API security issues reported by its research team Defiant. Since at least one of these two errors is considered critical, it is highly recommended that Rank Math users receive the latest update that contains fixes for both errors.

Since the beginning of 2020, WordPress websites have been heavily targeted by hackers, who are trying to exploit them by taking advantage of newly fixed or zero bugs in plugins installed on hundreds of thousands of sites. In late February, researchers identified tens of thousands of attacks on WordPress sites that exploit critical bugs and could create malware accounts management.

Hackers have also attempted to breach WordPress websites by exploiting vulnerable links to some 1.250.000 active sites, as well as numerous bugs in a WordPress plugin, the GDPR Cookie, used by more than 700.000 websites.

Every accomplishment starts with the decision to try.