A series of critical vulnerabilities in an online course plugin for the WordPress content management system affects 75,000 sites. Their users may be exposed to data theft and malware infection through domains that use the LearnPress extension to create classes, assignments, quizzes and interfaces for interacting with students, as well as to sell educational products.
The flaws, found last year, were originally fixed at the end of December, but only 25% of the more than 100,000 sites that use the plugin have updated to the new version. The rest, according to Patchstack, a security company focused on WordPress, remain vulnerable to advanced exploits against data stored on servers and to the use of legitimate platforms to launch scams against customers.
The exploit chain is made up of three high-level vulnerabilities. The first, tracked as CVE-2022-47615, lets attackers list server directories and access internal files without authentication, which can expose user data, credentials and API keys. The other two, CVE-2022-45808 and CVE-2022-45820, allow the same, along with the insertion of information and the execution of malicious code, through SQL injection in different features of the plugin.
In addition, a series of well-known attacks on WordPress platforms is being developed, with criminals taking advantage of the openings to insert fake pages or modify the content of legitimate sections of websites. They exploit the credibility of the companies that run the sites to strike at their customers, without the domain administrators even noticing that something is wrong.
According to Patchstack, the scope of the exploits described here is relatively small because the most serious part of the chain requires access to a user profile with the ability to create a post. Even so, through the first vulnerability or insufficient security measures, it would be possible to take over such an account, allowing the execution of malicious code and the insertion of malware that would infect users from systems considered legitimate.
The LearnPress developers applied more code checking and sanitization in the 4.2.0 update, which has been available since late last year. Users are advised to update the extension as soon as possible, or suspend its use until they can, since, with proofs of concept and technical details of the flaws published, it shouldn’t take long for crooks to start exploiting the openings.
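One way to act on the update recommendation across several sites is to read the plugin's version header on disk and compare it with 4.2.0. This is an added example, not code from the article, Patchstack or LearnPress; it assumes the standard WordPress layout with the plugin's main file at `wp-content/plugins/learnpress/learnpress.php`, and the sample site roots and headers in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 2, 0)  # release the article names as carrying the fixes
# Assumption: standard WordPress layout and plugin main file name
PLUGIN_FILE = Path("wp-content/plugins/learnpress/learnpress.php")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d[\w.\-]*)", re.M | re.I)

def parse_version(text):
    """'4.1.7' -> (4, 1, 7); short versions are padded, so '4.2' -> (4, 2, 0)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(nums + [0] * (len(FIXED) - len(nums)))

def installed_version(site_root):
    """Return the plugin's Version header string, or None if it cannot be read."""
    path = Path(site_root) / PLUGIN_FILE
    if not path.is_file():
        return None
    with path.open(encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)  # plugin headers sit at the top of the file
    m = VERSION_RE.search(head)
    return m.group(1) if m else None

def audit(site_roots):
    """Classify each root: not installed / unknown / vulnerable / patched."""
    report = {}
    for root in site_roots:
        raw = installed_version(root)
        if raw is None:
            # Plugin directory present but no readable header: flag for manual review
            has_dir = (Path(root) / PLUGIN_FILE.parent).is_dir()
            report[str(root)] = "unknown" if has_dir else "not installed"
        else:
            ok = parse_version(raw) >= FIXED
            report[str(root)] = "patched" if ok else "vulnerable"
    return report

def demo():
    """Constructed sample: fake site roots with made-up plugin headers."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in (("old", "4.1.7"), ("new", "4.2.0")):
            f = Path(tmp, name) / PLUGIN_FILE
            f.parent.mkdir(parents=True)
            f.write_text(f"<?php\n/**\n * Version: {ver}\n */\n")
        Path(tmp, "none").mkdir()
        return {Path(k).name: v for k, v in audit(sorted(Path(tmp).iterdir())).items()}

if __name__ == "__main__":
    print(demo())
```

A site reported as `unknown` has a LearnPress directory without a readable version header and should be checked by hand.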