Recent Vulnerabilities in WordPress Plugins: Malware Scanner Issues
WordPress Malware Scanner Plugin Contains Vulnerability
The Malcure Malware Scanner plugin has been identified with a high-severity vulnerability, rated at 8.1, and is currently shut down in the WordPress repository. This vulnerability allows authenticated attackers to delete arbitrary files due to a missing capability check on the wpmr_delete_file() function.
Image courtesy of Search Engine Journal
The plugin has over 10,000 installations. Despite requiring user authentication for exploitation, the risk remains significant as it only necessitates subscriber-level access, the lowest level on WordPress sites.
According to Wordfence, "This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible."
Users are advised to uninstall the plugin immediately as there is no known patch available.
Malcure Plugin Screenshot
Image courtesy of Search Engine Journal
Malware Scanner Plugin Vulnerabilities
The Malware Scanner WordPress plugin prior to version 4.5.2 does not sanitize and escape its settings, leading to potential Cross-Site Scripting (XSS) attacks. Malicious users with administrator privileges can store harmful Javascript code, especially when unfiltered_html is disallowed, such as in multisite setups.
CVE Details
- CVE ID: CVE-2022-1995
- Severity: Moderate
- CVSS Score: 4.8/10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
For more details, visit CVE-2022-1995 and the WPScan Vulnerability.
Recent Vulnerable WordPress Plugins
Vulnerable plugins have been a significant cause of attacks on WordPress sites, accounting for about 55.9% of all hacking incidents. Users are encouraged to keep their plugins updated to mitigate risks.
Duplicator – WordPress Migration Plugin
The Duplicator plugin, used for site migration and backups, has faced an arbitrary file download vulnerability. Attackers could exploit this flaw to access and download sensitive files. A critical update was released in version 1.3.28 and Duplicator Pro Version 3.8.71.
ThemeGrill Demo Importer
This plugin allows users to import themes and content. A vulnerability allows hackers to take control of admin accounts. A patch was issued in version 1.6.3.
Profile Builder Plugin
A flaw in this plugin allowed unauthorized admin account registrations, impacting all versions up to 3.1.0. Users must update to version 3.1.1 for security.
Flexible Checkout Fields for WooCommerce
This plugin, which customizes checkout fields, had vulnerabilities that enabled malicious code injection. Updates were released in versions 2.3.2 and 2.3.3.
Async JavaScript
The Async JavaScript plugin faced a vulnerability allowing remote code execution attacks. The latest secure version is 2.20.03.01.
For additional details on the vulnerabilities, visit the blog on MalCare.
Malware Removal Strategies
If you suspect a malware infection, consider using tools like Wordfence for scanning and cleaning your site. Some recommended practices include:
- Regularly update plugins and themes.
- Change file permissions appropriately.
- Disable XML-RPC API.
- Use strong passwords and avoid common usernames.
If your site has been compromised, it's essential to remove any malware and secure your site against future attacks. For assistance, check out Malware Removal Services.
By following these steps, you can significantly reduce the risk of your WordPress site being compromised.