WordPress is a popular CMS (Content Management System) and a target for many of the most prominent hackers around the world. The WordPress team works hard on each WordPress release to enhance the security of the application; on the other side, hackers work day in and day out to bypass the security measures put in place to protect it. This time a vulnerability has been discovered that allows an attacker to take full control of a site. The vulnerability resides in one of the core functions of WordPress, which runs in the background when a user permanently deletes the thumbnail of an uploaded image.
Researchers found that the thumbnail delete function accepts unconstrained user input which, if tampered with, could allow a user with limited privileges (at least an Author account) to delete any file on the web host, an action that should otherwise be reserved for the server or site administrator. The requirement of at least an Author account reduces the severity of this flaw to some extent; it could still be exploited by a rogue content contributor, or by an attacker who obtains an author's credentials through phishing (a fraudulent attempt to obtain sensitive information such as usernames and passwords), password reuse or other attacks.
Besides this, deleting the “wp-config.php” file, one of the most important configuration files in a WordPress installation and the one that contains the database connection information, would force the entire website back to the installation screen, allegedly allowing the attacker to reconfigure the website from the browser and take it over completely.
It should be noted that the attacker cannot directly read the content of “wp-config.php”, and so does not learn the existing database name, MySQL username and password; instead, he can re-run the setup of the targeted site against a remote database server under his control.
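The flaw class described above is a delete routine that trusts a stored, user-influenced "thumbnail path" and unlinks whatever it points at. The following is an added illustration in Python of that weak pattern next to a confined version; it is not WordPress code and not the researchers' hot-fix, and the directory layout, file names and function names are constructed for the example. The hardened variant accepts only a bare file name with an image extension and then verifies that the resolved path still lies under the uploads directory, so neither `../` sequences, absolute paths, null bytes nor symlinks can reach a configuration file.

```python
"""Path confinement for a user-influenced file deletion (constructed example).

vulnerable_target() mirrors the weak pattern: join the stored path onto the
uploads directory and delete, with no validation.  hardened_target() is the
defensive counterpart.  Neither function is taken from WordPress.
"""
import os
import tempfile

# Assumed set of thumbnail extensions a gallery would legitimately generate.
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif", ".webp"}


def vulnerable_target(uploads_dir: str, thumb: str) -> str:
    """Path the weak pattern would delete.  os.path.join() drops uploads_dir
    entirely when `thumb` is absolute, and normpath() honours every "../"."""
    return os.path.normpath(os.path.join(uploads_dir, thumb))


def hardened_target(uploads_dir: str, thumb: str) -> str:
    """Return the absolute path that may be deleted, or raise ValueError."""
    if "\x00" in thumb:
        raise ValueError("null byte in path")
    # A generated thumbnail is always a bare file name: no directory part,
    # no traversal, no absolute path, no backslash tricks.
    name = os.path.basename(thumb)
    if name != thumb or "\\" in name or name in ("", ".", ".."):
        raise ValueError("path component not allowed")
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
        raise ValueError("not an image thumbnail")
    root = os.path.realpath(uploads_dir)
    candidate = os.path.realpath(os.path.join(root, name))
    # realpath() follows symlinks, so a planted link is caught here as well.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("escapes uploads directory")
    return candidate


def delete_thumbnail(uploads_dir: str, thumb: str) -> bool:
    """Delete only after the path has been confined; True if a file was removed."""
    target = hardened_target(uploads_dir, thumb)
    if os.path.isfile(target):
        os.remove(target)
        return True
    return False


def demo() -> dict:
    """Constructed site tree: wp-content/uploads/ with one thumbnail and a
    sibling wp-config.php.  Returns what each routine did with hostile input."""
    with tempfile.TemporaryDirectory() as site:
        uploads = os.path.join(site, "wp-content", "uploads")
        os.makedirs(uploads)
        config = os.path.join(site, "wp-config.php")
        thumb = os.path.join(uploads, "photo-150x150.jpg")
        for path in (config, thumb):
            with open(path, "w") as fh:
                fh.write("constructed sample content\n")
        hostile = ["../../wp-config.php", config,
                   "sub/../../wp-config.php", "photo.jpg\x00.php"]
        rejected = []
        for h in hostile:
            try:
                hardened_target(uploads, h)
            except ValueError as err:
                rejected.append(str(err))
        return {
            # The weak pattern resolves straight to the config file.
            "vulnerable_points_at_config":
                vulnerable_target(uploads, "../../wp-config.php") == os.path.normpath(config),
            "rejected": len(rejected),
            "deleted": delete_thumbnail(uploads, "photo-150x150.jpg"),
            "config_survives": os.path.isfile(config),
            "thumb_gone": not os.path.isfile(thumb),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check is deliberately an allow-list (bare name plus known extension) followed by a realpath containment test, rather than a deny-list of `../` patterns; deny-lists of traversal strings are what encodings and symlinks tend to slip past.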
In a proof-of-concept video published by the researchers, shown below, the vulnerability worked exactly as described and forced the site back to the installation screen.
However, website administrators need not panic for now: a hot-fix provided by the researchers can be applied manually.
We expect the WordPress security team will patch this vulnerability in an upcoming version of its CMS software.
Feel free to add a comment below and your suggestions on how this vulnerability could be handled.