SQL Injection Vulnerability Discovered in WordPress Plugin
WordPress, the juggernaut CMS powering more than 1 billion websites, most notable ones being Techcrunch, The New Yorker, Sony, and MTV among many other, is not devoid of vulnerabilities when it comes to website security. Recently, one of its most popular plugins, WP Statistics, was deemed as flawed, rendering nearly 300,000 websites open to exploitation by attackers online.
The plugin WP Statistics has recently been discovered vulnerable to SQL Injection flaw. Exploiting which a remote attacker, with as much as a subscriber account, can steal sensitive information from the website’s database and possibly gain unauthorized access to websites. The vulnerability has been termed as ‘severe’.
SQL Injection refers to a web application malpractice where hackers inject a Structured Query Language (SQL) Code in user inputs with the sole purpose of stealing database contents. The vulnerability resides in multiple functions in the WP statistics plugin including wp_statistics_searchengine_query().
By simply calling the above shortcode, admin users can obtain detailed information about the number of visits. While some attributes of the shortcode are being passed as parameters for important functions, it becomes essential to sanitize inputs to these functions. But on the contrary, function wp_statistics_searchengine_query() is accessible through WordPress’ AJAX functionality thanks to the core function wp_ajax_parse_media_shortcode().
The issue stems from the inability of the software to sanitize the data properly once inserted in form queries. WordPress allows developers to make content that can be injected into pages using a shortcode. This becomes a problem with the following WP Statistics shortcode:
[shortcode atts_1=”test” atts_2=”test”]
Plugins provide a horde of functionalities to WordPress based websites. Such vulnerabilities are emblematic of a greater issue. In order to make fast releases and bring functionalities first in the market, it often leads to trading off the security aspect of the application. WordPress Security is a grave issue today.
The only rectification is to immediately update to the latest version. To secure your WordPress website and audit for potential threats, visit Astra WordPress Security.