• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Found an exploit in a really old Wordpress plugin...

trparky

trparky

Joined
Mar 6, 2017
Messages
3,381 (1.15/day)
Location
North East Ohio, USA
System Specs
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
I was browsing through the Wordfence Web Application Firewall log of my Wordpress site, and I found something interesting. Thankfully it was blocked by Wordfence so that's good—it never did any damage to my site. I don't even have the plugin installed on my site so again, good.

However, I digress—I found an exploit in an old Wordpress plugin. So old that it doesn't seem that Wordpress even lists it as a plugin to be installed. Thankfully.

However, the plugin does exist. I found it on Github and after a little bit of investigation, one of the files in that plugin is indeed vulnerable to that very exploit. A path traversal exploit. There's no input validation or cleanup before passing it to a PHP read() function.

What do I do with this knowledge? Is there a possibility that sites out there have this plugin installed and are vulnerable to this exploit?

Obviously, I don't want to publish this exploit or the name of the plugin publicly since well... duh. But what do I do? I have no idea how to responsibly disclose this vulnerablity.
 
Mindweaver

Mindweaver

Moderato®™
Staff member
Joined
Apr 16, 2009
Messages
8,385 (1.44/day)
Location
Charleston, SC
System Specs
System Name Tower of Power / Delliverance
Processor i7 14700K / i9-14900K
Motherboard ASUS ROG Strix Z790-A Gaming WiFi II / Z690
Cooling CM MasterLiquid ML360 Mirror ARGB Close-Loop AIO / Air
Memory CORSAIR - VENGEANCE RGB 32GB (2x16GB) DDR5 7200MHz / DDR5 2x 16gb
Video Card(s) ASUS TUF Gaming GeForce RTX 4070 Ti / GeForce RTX 4080
Storage 4x Samsung 980 Pro 1TB M.2, 2x Crucial 1TB SSD / NVM3 PC801 SK hynix 1TB
Display(s) Samsung 32" Odyssy G5 Gaming 144hz 1440p, 2x LG HDR 32" 60hz 4k / 2x LG HDR 32" 60hz 4k
Case Phantek "400A" / Dell XPS 8960
Audio Device(s) Realtek ALC4080 / Sound Blaster X1
Power Supply Corsair RM Series RM750 / 750w
Mouse Razer Deathadder V3 Hyperspeed Wireless / Glorious Gaming Model O 2 Wireless
Keyboard Glorious GMMK with box-white switches / Keychron K6 pro with blue swithes
VR HMD Quest 3 (512gb) + Rift S + HTC Vive + DK1
Software Windows 11 Pro x64 / Windows 11 Pro x64
Benchmark Scores Yes
Since it's on Github then I would report it to Github. Hopefully they will at least take it down which would be a big step in the right direction.
 
Assimilator

Assimilator

Joined
Feb 18, 2005
Messages
6,263 (0.85/day)
Location
Ikenai borderline!
System Specs
System Name Firelance.
Processor Threadripper 3960X
Motherboard ROG Strix TRX40-E Gaming
Cooling IceGem 360 + 6x Arctic Cooling P12
Memory 8x 16GB Patriot Viper DDR4-3200 CL16
Video Card(s) MSI GeForce RTX 4060 Ti Ventus 2X OC
Storage 2TB WD SN850X (boot), 4TB Crucial P3 (data)
Display(s) Dell S3221QS(A) (32" 38x21 60Hz) + 2x AOC Q32E2N (32" 25x14 75Hz)
Case Enthoo Pro II Server Edition (Closed Panel) + 6 fans
Power Supply Fractal Design Ion+ 2 Platinum 760W
Mouse Logitech G604
Keyboard Razer Pro Type Ultra
Software Windows 10 Professional x64
Is the plugin still maintained at all? If so create an issue in their GH that explains you've found a vuln and asks for a direct non-public contact to reach out to, in order to detail it so they can fix it.

If it's abandoned then not much you can do, and if it's old enough to be abandoned it's really on the people using that plugin to stop using abandonware.
 
Last edited:
B

bug

Joined
May 22, 2015
Messages
14,208 (3.96/day)
System Specs
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
trparky

trparky

Joined
Mar 6, 2017
Messages
3,381 (1.15/day)
Location
North East Ohio, USA
System Specs
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
Someone suggested that I disclose it to PatchStack. I've done just that.
 
You must log in or register to reply here.
Top