New Unauthenticated WordPress Flaw Leads to Remote Code Execution
WordPress 5.1 suffers from a critical Remote Code Execution vulnerability
The newly discovered vulnerability is an unauthenticated RCE: the attacker needs no account on the target site, only an administrator who follows a link, which raises the severity of the bug to highly critical.
A researcher found a Cross-Site Request Forgery (CSRF) vulnerability in the comment function of WordPress that an attacker can use to take over any WordPress site with comments enabled.
According to the researcher, the attacker posts a comment on the WordPress site that includes a malicious link aimed at the site administrator. As soon as the administrator visits the malicious website, a cross-site request forgery (CSRF) exploit runs against the target WordPress blog in the background, without the victim noticing. The exploit abuses multiple logic flaws and sanitization errors that, combined, lead to Remote Code Execution and a full site takeover.
WordPress is used by over 33% of all websites on the internet, according to its own download page. Because comments are a core feature of blogs and are enabled by default, the vulnerability affected millions of sites.
Brief Detail of the Bug
WordPress performs no CSRF validation when a user posts a new comment, because features such as trackbacks and pingbacks would break if it did. This makes it easy for an attacker to create comments in the name of an administrative user: the forged request is sent by the administrator's own browser, so it carries the administrator's session.
Once the CSRF step succeeds, the attacker can reach a stored Cross-Site Scripting (XSS) vulnerability in WordPress core. Some attributes that normally cannot be set in comments are parsed and manipulated in a faulty way, which leads to arbitrary attribute injection.
With JavaScript running in the administrator's session, the attacker can use the built-in theme and plugin editors to modify the .php files of themes and plugins from within the admin dashboard. By simply inserting a PHP backdoor, the attacker gains arbitrary PHP code execution on the remote server.
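The attribute-injection step in the chain above, as an added illustration that is not WordPress's own code: a small tag rewriter parses the attributes of an anchor tag and rebuilds the tag to append rel="nofollow". The flawed version re-emits every parsed value inside double quotes without escaping it, so a value that contains a double quote closes the attribute early and whatever follows becomes new, attacker-chosen attributes; the hardened version escapes values for an attribute context first. The tokenizer, the function names and the payload are all constructed for this example.

```python
import html
import re

# One attribute: name, then optionally =value with double quotes, single
# quotes or no quotes. This tokenizer is constructed for the example and is
# not WordPress's own attribute parser.
ATTR_RE = re.compile(
    r"""\s*([^\s=/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?"""
)
ANCHOR_RE = re.compile(r"<a\b(.*)>\s*$", re.IGNORECASE | re.DOTALL)


def parse_attrs(tag):
    """Return the (name, value) pairs of an <a ...> tag; value is None when absent."""
    m = ANCHOR_RE.match(tag.strip())
    if not m:
        raise ValueError("expected an <a ...> tag")
    body, pos, attrs = m.group(1), 0, []
    while pos < len(body):
        a = ATTR_RE.match(body, pos)
        if not a or a.end() == pos:
            break
        name, dq, sq, uq = a.groups()
        value = dq if dq is not None else sq if sq is not None else uq
        attrs.append((name.lower(), value))
        pos = a.end()
    return attrs


def _rebuild(tag, quote_value):
    """Drop any existing rel, append rel="nofollow" and serialise the tag."""
    attrs = [(n, v) for n, v in parse_attrs(tag) if n != "rel"]
    attrs.append(("rel", "nofollow"))
    parts = [n if v is None else f'{n}="{quote_value(v)}"' for n, v in attrs]
    return "<a " + " ".join(parts) + ">"


def add_nofollow_unsafe(tag):
    """Flawed rewrite: values are re-emitted verbatim inside double quotes.
    A value containing a double quote terminates the attribute early and
    everything after it is parsed as further attributes."""
    return _rebuild(tag, lambda v: v)


def add_nofollow_safe(tag):
    """Hardened rewrite: values are escaped for an attribute context before
    being quoted, so an embedded quote stays inside the attribute."""
    return _rebuild(tag, lambda v: html.escape(v, quote=True))


def has_event_handler(tag):
    """True if the serialised tag carries any on* attribute (a script hook)."""
    return any(name.startswith("on") for name, _ in parse_attrs(tag))


# Constructed payload: the title is single-quoted, so the double quote inside
# it survives the parser as part of the value.
PAYLOAD = '<a href="https://example.com" title=\'x" onmouseover="alert(1)\'>'

if __name__ == "__main__":
    print(add_nofollow_unsafe(PAYLOAD))
    print(add_nofollow_safe(PAYLOAD))
```

Re-parsing the rewritten tag is the useful check here: the unsafe output yields an onmouseover attribute that the input never had as an attribute, while the safe output keeps the same three attribute names as the input, with the quote preserved as &quot; inside the title value.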
What to Do? [PATCH]
RIPS Tech reported the issue to the WordPress security team, and WordPress fixed it in the latest release, 5.1.1. By default, WordPress installs security updates automatically, so an unmodified core should already have updated itself to 5.1.1. Do not assume it has: automatic core updates can be switched off by a host or through constants in wp-config.php, so confirm the version in the dashboard (Dashboard > Updates) or with "wp core version" on the command line, and update manually if it still reports 5.1. As a further step, disable comments if you do not need them, and define DISALLOW_FILE_EDIT as true in wp-config.php to remove the dashboard theme and plugin editors that the final step of this chain relies on.
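A check a site operator can run before trusting the auto-updater, added here as an example and not part of the original article or of WordPress itself: it reads $wp_version from wp-includes/version.php, compares it with the 5.1.1 release the article names, and looks in wp-config.php for the constants that switch core auto-updates off (AUTOMATIC_UPDATER_DISABLED, WP_AUTO_UPDATE_CORE) and for DISALLOW_FILE_EDIT. The sample file contents are constructed. Treating only 5.1.1 and later as fixed is an assumption of this example; WordPress also ships security fixes on older release branches, which the check does not model.

```python
import re

# Constructed sample inputs (not taken from a real site): an unpatched core and
# a wp-config.php that has switched core auto-updates off.
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '5.1';\n"
SAMPLE_WP_CONFIG = (
    "<?php\n"
    "define('DB_NAME', 'wordpress');\n"
    "define('WP_AUTO_UPDATE_CORE', false);\n"
)

# The fixed release named in the article. Assumption of this example: only this
# version and later count as fixed; fixes on older release branches are not modelled.
FIXED_VERSION = (5, 1, 1)


def parse_wp_version(version_php):
    """Extract $wp_version from wp-includes/version.php as a tuple of ints.
    Pre-release suffixes such as '5.1.1-alpha' are dropped."""
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_php)
    if not m:
        raise ValueError("no $wp_version assignment found")
    numbers = m.group(1).split("-")[0].split(".")
    return tuple(int(n) for n in numbers)


def is_patched(version):
    """Compare padded tuples so '5.1' becomes (5, 1, 0), below (5, 1, 1)."""
    padded = tuple(version) + (0,) * (len(FIXED_VERSION) - len(version))
    return padded >= FIXED_VERSION


def _defines(wp_config, name, value):
    """True if wp-config.php contains define('NAME', value) for the given literal."""
    pattern = r"define\(\s*['\"]%s['\"]\s*,\s*%s\s*\)" % (name, value)
    return re.search(pattern, wp_config, re.IGNORECASE) is not None


def core_autoupdates_disabled(wp_config):
    """AUTOMATIC_UPDATER_DISABLED=true stops all automatic updates;
    WP_AUTO_UPDATE_CORE=false stops core updates in particular."""
    return (_defines(wp_config, "AUTOMATIC_UPDATER_DISABLED", "true")
            or _defines(wp_config, "WP_AUTO_UPDATE_CORE", "false"))


def file_editors_disabled(wp_config):
    """DISALLOW_FILE_EDIT=true removes the dashboard theme and plugin editors."""
    return _defines(wp_config, "DISALLOW_FILE_EDIT", "true")


def assess(version_php, wp_config):
    """Summarise whether a site has the fix, whether it will get it on its own,
    and whether the dashboard file editors used in the final step are available."""
    version = parse_wp_version(version_php)
    return {
        "version": version,
        "patched": is_patched(version),
        "autoupdate_disabled": core_autoupdates_disabled(wp_config),
        "file_editors_disabled": file_editors_disabled(wp_config),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_PHP, SAMPLE_WP_CONFIG))
```

Point the two functions at the real files of an installation (read them from disk in place of the constructed strings); a site that reports patched False together with autoupdate_disabled True is one that will not fix itself and needs a manual update.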