SQL​ ​injection​ ​vulnerability​ ​found​ ​in popular​ ​WordPress​ ​plug​ ​in,​ ​again

Security​ ​researchers​ ​have​ ​found​ ​yet​ ​another​ S ​ QL​ ​injection​ ​vulnerability​​ ​in​ ​a​ ​WordPress​ ​plugin.

Many​ ​of​ ​WordPress’​ ​security​ ​holes​ ​come​ ​from​ ​insecure​ ​plugins A​ ​“severe”​ ​SQL​ ​injection​ ​vulnerability​ ​has​ ​been​ ​found​ ​in​ ​the​ ​popular​ ​WordPress​ ​plugin WordPress​ ​Statistics. ​ ​Sucuri​ ​researchers​​ ​discovered​​ ​the​ ​vulnerability​ ​while​ ​security​ ​auditing​ ​popular​ ​open​ ​source products.​ ​If​ ​properly​ ​exploited,​ ​the​ ​vulnerability​ ​could​ ​be​ ​used​ ​to​ ​steal​ ​data. WordPress​ ​allows​ ​developers​ ​to​ ​make​ ​content​ ​that​ ​can​ ​be​ ​injected​ ​into​ ​pages​ ​using​ ​a shortcode.​ ​This​ ​becomes​ ​a​ ​problem​ ​with​ ​the​ ​WP​ ​Statistics​ ​shortcode. The​ ​vulnerability​ ​stems​ ​from​ ​data​ ​not​ ​being​ ​properly​ ​sanitised,​ ​the​ ​researchers​ ​note,​ ​resulting​ ​in “some​ ​attributes​ ​of​ ​the​ ​shortcode,​ ​wpstatistics,​ ​are​ ​being​ ​passed​ ​as​ ​parameters​ ​for​ ​important functions.” Sucuri​ ​encourages​ ​users​ ​to​ ​update​ ​without​ ​delay​ ​if​ ​they​ ​are​ ​using​ ​a​ ​vulnerable​ ​version​ ​of​ ​WP Statistics.

WordPress​ ​is​ ​an​ ​immensely​ ​popular​ ​CMS,​ ​used​ ​by​ ​60​ ​million​ ​websites​ ​and​ ​27.5​ ​percent​ ​of​ ​the top​ ​10​ ​million​ ​websites.​ ​WordPress​ ​Statistics​ ​alone​ ​is​ ​currently​ ​installed​ ​on​ ​over​ ​300,000 websites. Still,​ ​this​ ​is​ ​far​ ​from​ ​the​ ​first​ ​time​ ​WordPress​ ​has​ ​been​ ​found​ ​with​ ​vulnerabilities.​ ​In​ ​fact,​​ ​plenty​​ ​of security​ ​issues​ ​have​ ​been​ ​found​ ​in​ ​the​ ​platform.​ ​In​ ​February,​ ​WordPress​​ ​secretly​ ​patched​ ​a​ ​bug that​ ​would​ ​allow​ ​unauthenticated​ ​privilege​ ​escalation​ ​in​ ​WordPress​ ​REST​ ​API. Nor​ ​is​ ​it​ ​the​ ​first​ ​time​ ​that​ ​a​ ​vulnerable​ ​plugin​ ​has​ ​provided​ ​a​ ​route​ ​into​ ​WordPress.​ ​In​ ​2013, CheckMarx​​ ​released​ ​a​ ​report​​ ​showing​ ​that​ ​20​ ​percent​ ​of​ ​WordPress​ ​plugins​ ​and​ ​seven​ ​of​ ​the top​ ​10​ ​ecommerce​ ​plugins​ ​were​ ​vulnerable​ ​to​ ​basic​ ​web​ ​attacks. If​ ​an​ ​attacker​ ​were​ ​to​ ​find​ ​a​ ​list​ ​of​ ​plugins​ ​that​ ​a​ ​site​ ​uses,​ ​they​ ​could​ ​simply​ ​run​ ​a​ ​scan​ ​for known​ ​vulnerabilities​ ​in​ ​those​ ​plugins.​ ​Most​ ​recently,​​ ​researchers​ ​found​​ ​a​ ​“severe”​ ​SQL injection​ ​vulnerability​ ​in​ ​the​ ​gallery​ ​management​ ​plugin,​ ​NextGEN​ ​Gallery. Amit​ ​Ashbel,​ ​cyber-security​ ​evangelist​ ​at​ ​Checkmarx,​ ​told​ S ​ C​ ​Media​ ​UK​ ​that​ ​the​ ​popularity​ ​of the​ ​platform​ ​endures​ ​in​ ​spite​ ​of​ ​those​ ​holes:​ ​“Multiple​ ​large​ ​scale​ ​enterprises​ ​and​ ​SMBs​ ​use WordPress​ ​because​ ​it​ ​really​ ​does​ ​simplify​ ​managing​ ​and​ ​maintaining​ ​a​ ​web​ ​application.​ ​The real​ ​power​ ​of​ ​WordPress​ ​are​ ​its​ ​thousands​ ​of​ ​plugins​ ​which​ ​are​ ​developed​ ​by​ ​third​ ​parties​ ​and are​ ​there​ ​to​ ​provide​ ​additional​ ​functionality.” Rather,​ ​these​ ​vulnerabilities​ ​are​ ​emblematic​ ​of​ ​a​ ​larger​ ​issue,​ ​said​ ​Ashbel:​ ​“The​ ​problem​ ​is​ ​no different​ ​than​ ​with​ ​other​ ​application​ ​companies​ ​and​ ​is​ ​very​ ​often​ ​related​ ​to​ ​trading​ ​off​ ​security​ ​in order​ ​to​ ​release​ ​in​ ​time​ ​and​ ​be​ ​first​ ​to​ ​market.​ ​I​ ​believe​ ​that​ ​with​ ​WordPress​ ​the​ ​problem​ ​is​ ​more acute​ ​because​ ​we​ ​are​ ​talking​ ​about​ ​hundreds​ ​if​ ​not​ ​thousands​ ​of​ ​‘small'​ ​applications​ ​that​ ​are​ ​not properly​ ​vetted​ ​before​ ​made​ ​available.” More​ ​of​ ​Cyber​ ​crime​ ​and​ ​Malware: https://goo.gl/v1Jm85 https://goo.gl/6y3hVa https://goo.gl/sT9e3Z https://goo.gl/cptfi8 https://goo.gl/tuhnGS https://goo.gl/HnaoGF https://goo.gl/wFoKJ6