
WordPress Gutenberg Template Library Plugin Vulnerability affects +1 million sites

A third-party WordPress Gutenberg Template Library plugin with over one million users was discovered to have two vulnerabilities. Successful exploitation of these vulnerabilities could create an indirect path to a total takeover of the site.

The WordPress plugin, the Gutenberg Template Library & Redux Framework, was discovered by WordPress security firm WordFence to be vulnerable to two specific attacks.

Gutenberg Template Library and Redux Framework WordPress Plugin

This plugin is a library of WordPress Gutenberg blocks that lets publishers build sites quickly from prefabricated building blocks inside the Gutenberg editing interface.

According to the official plugin description:

“Quickly create entire pages in WordPress’ Gutenberg

Leave the Gutenberg editor with our ever-growing library of WordPress blocks and templates. Find out what is possible and implement any design on your site in almost no time at all.”


WordPress REST API

One of the vulnerabilities exploits an insecurely implemented plugin interface to the WordPress REST API. The REST API is a feature that lets plugins communicate with the CMS and make changes to the site.

The WordPress REST API developer page describes it like this:

“The WordPress REST API provides an interface for applications to interact with your WordPress site by sending and receiving data as JSON (JavaScript Object Notation) objects.

It is the foundation of the WordPress Block Editor, and can also enable your theme, plugin or custom applications to present new, powerful interfaces for managing and publishing your site’s content.

… the most important thing to understand about the API is that it enables the block editor and modern plugin interfaces without compromising the security or privacy of your site.”


Technically, when a plugin's interface to it is securely implemented by the plugin's developers, the WordPress REST API does not in itself pose a security issue.

Gutenberg Template Library and Redux Framework Vulnerabilities

There are two vulnerabilities. Neither of them, on its own, allows an attacker to take over a website.

However, the vulnerabilities allow attackers to make a number of changes to the site, which could then lead to a total takeover.

The first vulnerability allows an attacker with contributor- or author-level permissions to install any vulnerable plugin from the WordPress plugin repository and then exploit that plugin's vulnerabilities to carry out an attack.

The second vulnerability is described by WordFence as an unauthenticated sensitive information disclosure.

“Unauthenticated” means that the attacker does not have to be logged in to the WordPress site to carry out the attack.

This particular vulnerability allowed an attacker to retrieve sensitive information about the WordPress site, which in turn helps the attacker identify vulnerable plugins that can be exploited.

According to WordFence:

“This $support_hash AJAX action, which was also available to unauthenticated users, called the support_args function in redux-core/inc/classes/class-redux-helpers.php, which returned potentially sensitive information, such as the PHP version, active site plugins and their versions, and an unsalted md5 hash of the site’s AUTH_KEY and SECURE_AUTH_KEY.

This would be most useful in cases where a separate plugin was installed with an additional vulnerability, as an attacker could use the information to save time and plan an intrusion.”
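As an added illustration (not the plugin's own code), the registration pattern behind an unauthenticated AJAX disclosure like the one WordFence describes, beside a hardened version; the action and function names are hypothetical:

```php
<?php
// Added example, not the plugin's code. Action and function names are hypothetical.

// VULNERABLE PATTERN: the wp_ajax_nopriv_ hook exposes the handler to
// logged-out visitors, and the handler does no capability or nonce check.
add_action( 'wp_ajax_example_support_hash',        'example_support_hash_insecure' );
add_action( 'wp_ajax_nopriv_example_support_hash', 'example_support_hash_insecure' );

function example_support_hash_insecure() {
    // Anyone who can reach admin-ajax.php learns the PHP version, the plugin
    // list and an unsalted hash derived from the site's secret keys.
    wp_send_json_success( array(
        'php'     => phpversion(),
        'plugins' => get_option( 'active_plugins' ),
        'hash'    => md5( AUTH_KEY . SECURE_AUTH_KEY ),
    ) );
}

// HARDENED PATTERN: no nopriv hook, a nonce bound to this action, an explicit
// capability check, and nothing derived from AUTH_KEY or SECURE_AUTH_KEY.
add_action( 'wp_ajax_example_support_info', 'example_support_info_secure' );

function example_support_info_secure() {
    // Rejects requests whose 'nonce' field was not issued for this action
    // (check_ajax_referer dies with a 403 on failure).
    check_ajax_referer( 'example_support_info', 'nonce' );

    // Only administrators may read diagnostic data.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    wp_send_json_success( array(
        'php'     => phpversion(),
        'plugins' => get_option( 'active_plugins' ),
    ) );
}

// The admin-side script that issues the request must carry a matching nonce:
// wp_localize_script( 'example-admin', 'exampleAjax',
//     array( 'nonce' => wp_create_nonce( 'example_support_info' ) ) );
```

Registering only the `wp_ajax_` hook keeps the endpoint away from logged-out users; the nonce and capability check then limit it to the intended role.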


Users are encouraged to update their plugins

WordFence strongly encouraged all users of the plugin to update to at least version 4.2.13 of the Gutenberg Template Library & Redux Framework WordPress plugin.

Citation

Read the WordFence advisory:
Over 1 million sites affected by the Gutenberg Template Library & Redux Framework Vulnerabilities
