29 Unrestricted Access JUN 2021 – WP Security Circumvention

Unrestricted Access JUN 2021

Managed WordPress Security Report

Be informed about the latest Unrestricted Access JUN 2021 – WP Security Circumvention, identified and reported publicly. These breaches create even more problems and vulnerability exploitation with a severe negative impact on any WordPress Security. Consider our FREE security AUDIT.

An jaw-dropping estimated 7.654.600+ active WordPress installations are susceptible to these attack types, considering only the publicly available numbers. The estimated number can double with premium versions as they are private purchases.

Furthermore, the initial estimation can multiply if we consider the already patched versions BUT NOT UPDATED by owners, as the vulnerability remains active within their domain. As these owners start changing their hosting provider (due to constant unexplained issues), they actively migrate these vulnerabilities behind protected areas, possibly exposing other clean WP to different attack types.

It is a 480% increase compared to December 2020. We compare last month versus previous winter holiday season, which has the biggest shopping traffic and attack spike throughout the year. Read more about our previous report here: 25 Unrestricted Access MAY 2021 – WP Security Circumvention and 5 Unrestricted Access Issues – WordPress Security DEC. The following cases made headlines PUBLICLY just last month in the Unrestricted Access JUN 2021 – WP Security Circumvention category:

---

• Jetpack – WP Security, Backup, Speed, & Growth – Carousel Non-Published Page/Post Attachment Comment Leak
  • WordPress security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic. Active installations: 5+ million

---

• MC4WP: Mailchimp for WordPress – Authenticated Arbitrary Redirect
  • This plugin helps you grow your Mailchimp lists and write better newsletters through various methods. You can create good looking opt-in forms or integrate with any existing form on your site, like your comment, contact or checkout form. Active installations: 2+ million

---

• Simple 301 Redirects by BetterLinks – Unauthenticated Redirect Import
  • Got “404 not found” errors? Launching a marketing campaign with a new URL? Or relaunching your website with a new URL? Let’s redirect your old URLs to new ones automatically by creating 301 redirects to existing pages. Active installations: 200,000+

---

• Simple 301 Redirects by BetterLinks – Arbitrary Plugin Activation
  • Got “404 not found” errors? Launching a marketing campaign with a new URL? Or relaunching your website with a new URL? Let’s redirect your old URLs to new ones automatically by creating 301 redirects to existing pages. Active installations: 200,000+

---

• Simple 301 Redirects by BetterLinks – Update and Retrieve Wildcard Value
  • Got “404 not found” errors? Launching a marketing campaign with a new URL? Or relaunching your website with a new URL? Let’s redirect your old URLs to new ones automatically by creating 301 redirects to existing pages. Active installations: 200,000+

---

• Simple 301 Redirects by BetterLinks – Unauthenticated Redirect Export
  • Got “404 not found” errors? Launching a marketing campaign with a new URL? Or relaunching your website with a new URL? Let’s redirect your old URLs to new ones automatically by creating 301 redirects to existing pages. Active installations: 200,000+

---

• Simple 301 Redirects by BetterLinks – Arbitrary Plugin Installation
  • Got “404 not found” errors? Launching a marketing campaign with a new URL? Or relaunching your website with a new URL? Let’s redirect your old URLs to new ones automatically by creating 301 redirects to existing pages. Active installations: 200,000+

---

• 404 to 301 – Redirect, Log and Notify 404 Errors – Broken Access Control
  • If you care about your website, you should take steps to avoid 404 errors as it affects your SEO badly. 404 ( Page not found ) errors are common and we all hate it, even Search engines do the same! Install this plugin then sit back and relax. It will take care of 404 errors! Active installations: 100,000+

---

• FileBird – WordPress Media Library Folders & File Manager – Unauthenticated SQL Injection
  • FileBird enhances your media library with clean UI, native icons, smooth drag & drop, advanced sort and organization. Active installations: 100,000+

---

• NinjaFirewall – Authenticated PHAR Deserialization
  • NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that stands in front of WordPress. Active installations: 60,000+

---

• The Plus Addons for Elementor – Arbitrary Reset Pwd Email Sending
  • Collection of 120+ Powerful Elementor Widgets, 18+ Templates, 300+ UI Blocks and Amazing Listing Builder for Post Types to surprise your clients with amazing Websites.

---

• The Plus Addons for Elementor – Open Redirect
  • Collection of 120+ Powerful Elementor Widgets, 18+ Templates, 300+ UI Blocks and Amazing Listing Builder for Post Types to surprise your clients with amazing Websites.

---

• Comments Like Dislike – Add Like/Dislike Bypass
  • Comments Like Dislike is the Free WordPress Plugin to enable Like and Dislike Icons for default WordPress Comments. Choose Thumbs Up or Thumbs Down, Smiley or Frown, Right or Wrong icons or your own custom like dislike icons, choice is yours. Active installations: 6,000+

---

• Multivendor Marketplace Solution for WooCommerce – CSRF Bypass
  • Afraid of launching an Online Marketplace? Well, worry no more WC Marketplace provides you with the best marketplace software, you can get, to kickstart your own virtual eCommerce marketplace. This free WordPress plugin equips you with the best of features that help to create any marketplace of your choice. So, create a website like Amazon, Etsy or Airbnb without any worries. Active installations: 10,000+

---

• SP Project & Document Manager – Authenticated Shell Upload
  • This plugin has been closed as of June 28, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• WooCommerce Stock Manager – CSRF to Arbitrary File Upload
  • WooCommerce Stock Manager allows you manage stock for products and their variables from one screen. Active installations: 30,000+

---

• WP Image Zoom – Local File Inclusion
  • WP Image Zoom is a robust, modern and very configurable image zoom plugin. It allows you to easily create a magnifying glass on your images, all from a very intuitive WP admin interface. Active installations: 20,000+

---

• Multivendor Marketplace Solution for WooCommerce – Unauthenticated Arbitrary Product Comment
  • Afraid of launching an Online Marketplace? Well, worry no more WC Marketplace provides you with the best marketplace software, you can get, to kickstart your own virtual eCommerce marketplace. This free WordPress plugin equips you with the best of features that help to create any marketplace of your choice. So, create a website like Amazon, Etsy or Airbnb without any worries. Active installations: 10,000+

---

• Gallery From Files – Unauthenticated RCE
  • This plugin has been closed as of May 24, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• Visitors – Unauthenticated Stored Cross-Site Scripting
  • This plugin has been closed as of May 26, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• Fancy Product Designer – Unauthenticated Arbitrary File Upload and RCE
  • The #1 Product Designer Plugin for WooCommerce. Fully integrated in the Shopping Cart system of WooCommerce. Supporting all product types: Simple, Variable, Downloadable.

---

• Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress – Unauthenticated Stored Cross-Site Scripting
  • Quiz and Survey Master is the easiest WordPress Quiz Plugin which can be used to create engaging content to drive traffic and increase user engagement. Everything from viral quiz, trivia quiz, customer satisfaction surveys to employee surveys. This plugin is the ultimate marketing tool for your website. Active installations: 40,000+

---

• JoomSport – for Sports: Team & League, Football, Hockey & more – Unauthenticated PHP Object Injection
  • Complex solution to build a sports web site. Developed since 2009 JoomSport offers the features essential for any sports site – sports league standings, sports teams with description and stats, players with their profiles, photos and personal achievements, fixtures analytics and match results with score and game details, and finally all this put into well-structured seasons and leagues. Active installations: 2,000+

---

• BCS BatchLine Book Importer – Unauthenticated Product Import
  • This plugin will import the xml from BatchLine’s web exporter (BatchLine subscription required) and display images from external url. Active installations: 20+

---

• Advanced AJAX Product Filters – Unauthenticated Reflected Cross-Site Scripting
  • WooCommerce AJAX Product Filters – Advanced product filtering ability for your WooCommerce shop. Add unlimited filters with one widget. Active installations: 50,000+

---

• Salon booking system – Unauthenticated Stored Cross-Site Scripting
  • Salon Booking System is a complete and easy to manage appointments scheduling system to help your business getting more reservations on your website and saving a lot of time with your agenda management tasks. Active installations: 8,000+

---

• YOP Poll – Unauthenticated Stored Cross-Site Scripting
  • YOP Poll plugin allows you to easily integrate a survey in your blog post/page and to manage the polls from within your WordPress dashboard but if offers so much more than other similar products. Simply put, it doesn’t lose sight of your needs and ensures that no detail is left unaccounted for. Active installations: 20,000+

---

• Poll, Survey, Questionnaire and Voting system – Unauthenticated Blind SQL Injection
  • It’s not easy to create WordPress Polls(Survey or Questionnaire) for website without coding knowledge. That’s we done our best to help WordPress users and developers to create surveys easily and quickly. Our Quiz and Voting system plugin is the best way to create survey forms for your website. Active installations: 800+

---

• ZoomSounds – WordPress Wave Audio Player with Playlist – Unauthenticated Arbitrary File Upload
  • ZoomSounds is a complete premium audio plugin for WordPress that allows you to build great audio players and playlists. Engage with your audience with Trending, Likes, and awesome features. Fits your branding with a customizable design and great colors. With nine skins to fit every brand, multiple layouts for the wave skin, only one format required to function, ZoomSounds is the perfect choice for an audio player.

BRIEF: Open and Unrestricted Access JUN 2021 to anything within a website is one thing everybody considers to be a total disaster. Many employees have come to rely on the Internet both for work and day-to-day life. As such, they demand unrestricted access at work, and many company bosses have obliged. Without the knowledge to them, however, there may be a risk associated with this.

What is Unauthenticated Insecure Deserialisation?

Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. If the function that is responsible for converting serial data into a structured object assumes that the data is trusted, an attacker may format the serial data in such a way that the result of deserialization is malicious. Unfortunately, many standard deserialization functions in programming languages assume that the data is safe.

What is Unauthenticated Backup Download?

The plugin does not restrict access to a BACKUP file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them.

What is Unrestricted File Upload?

By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed upload-able file types on a website. By doing this, it allows an attacker to inject malicious content such as web shells into the sites, and providing a method for initial access into the system.

What is Login Rate Limiting Bypass?

When the plugin is configured with a custom header in its Trusted IP Origins setting (e.g X-Forwarded-For), attackers could bypass the protection offered by tampering the header sent in requests. When the plugin is configured to accept an arbitrary header as client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does never reach the maximum allowed retries.

What is Improper Authorisation Check?

An attacker could leverage these issues to dump the database including administrative user credentials, to steal cookie-based authentication credentials, or launch other attacks. An anonymous user may create a new dive entry with a crafted HTTP POST.

 

Related Posts to MANAGED WordPress Security: