All in One SEO Pack Vulnerability – New Exploit via @martinibuster - Website Pro USA
Website Builder,SEO,Social Media Consultant, Hosting, Website Care Plans
45014
post-template-default,single,single-post,postid-45014,single-format-standard,theme-bridge,woocommerce-no-js,ajax_updown,page_not_loaded,,qode-content-sidebar-responsive,columns-3,qode-child-theme-ver-1.0.0,qode-theme-ver-9.2,hide_inital_sticky,wpb-js-composer js-comp-ver-7.9,vc_responsive

All in One SEO Pack Vulnerability – New Exploit via @martinibuster

All in One SEO Pack Vulnerability – New Exploit via @martinibuster

A new vulnerability was discovered in All in One SEO Pack. The newly discovered vulnerability can allow attackers to take full control of a website using a cross site scripting vulnerability.

Cross Site Scripting Vulnerability

These kinds of vulnerability is called a cross site scripting vulnerability (XSS).

ADVERTISEMENT
CONTINUE READING BELOW

It can generally involve a compromised input interface. So anywhere that a user can input and upload content, images or scripts needs to be “sanitized” in order to prevent malicious scripts from being uploaded.

Thus, typical entry points can be comments and forms. But these kinds of vulnerabilities can also affect areas of the site that are walled off from non-registered users.

The vulnerability affecting All in One SEO Pack affects an area of the site that requires a user to have posting privileges.

Because of this, it’s characterized as a medium level vulnerability.

Is All in One SEO Pack Vulnerable?

Yes, All in One SEO Pack (versions 3.6.1 and under) is vulnerable to an XSS exploit. This particular exploit affects an input area that is not sanitized.

ADVERTISEMENT
CONTINUE READING BELOW

The affected area is the SEO title and SEO description fields, where a logged in user with posting privileges can upload malicious scripts to gain administrative access, take over the site, or to infect site visitors.

As bad as that sounds, this is a medium level severity vulnerability because it requires a hacker to access log-in credentials of a registered user with posting privileges.

In order to accomplish that the hacker might need to employ social engineering tricks to steal the credentials or take advantage of a vulnerability in another plugin or theme.

According to WordFence, this is how the vulnerability could wreak havoc:

ADVERTISEMENT
CONTINUE READING BELOW

“Due to the JavaScript being executed whenever a user accessed the ‘all posts’ page, this vulnerability would be a prime target for attackers that are able to gain access to an account that allows them to post content.

Since Contributors must submit all posts for review by an Administrator or Editor, a malicious Contributor could be confident that a higher privileged user would access the ‘all posts’ area to review any pending posts.

If the malicious JavaScript was executed in an Administrator’s browser, it could be used to inject backdoors or add new administrative users and take over a site.”

ADVERTISEMENT
CONTINUE READING BELOW

How Vulnerability Was Discovered

Security researchers at WordFence discovered the vulnerability in All in One SEO Pack on July 10, 2020 and immediately notified the publishers of the plugin.

The publishers set to work on updating the vulnerability and released a patch on July 15, 2020, five days later.

Premium users of the WordFence Security Plugin received a firewall rule update on the same day that the vulnerability was discovered, July 10, 2020.

The update to All in One SEO Pack is correctly referred to in their changelog:

“Improved the output of SEO meta fields + added additional sanitization for security hardening”

Screenshot of All in One SEO Pack Changelog

Screenshot of All in One SEO Pack ChangelogScreenshot of All in One SEO Pack Changelog

ADVERTISEMENT
CONTINUE READING BELOW

Update All in One SEO Pack to 3.6.2

Everyone who uses All in One SEO Pack is encouraged to update their plugin to version 3.6.2 immediately. While this is rated as a medium severity vulnerability it is still prudent to patch the plugin so that it is safe.

Citation

Read the official WordFence Announcement

2 Million Users Affected by Vulnerability in All in One SEO Pack

No Comments

Sorry, the comment form is closed at this time.