Contact Form 7, a popular WordPress plugin used on over 5 million websites, was found to be vulnerable to an unrestricted file upload vulnerability which could allow anyone to upload arbitrary files to the website under certain conditions. Jinson Varghese Behanan, a security researcher from Astra Security, discovered the vulnerability, which affects versions 5.3.1 and below, and disclosed it to the plugin developer on December 16. Version 5.3.2, fixing the issue, was released the very next day. From the plugin's WordPress page, it can be seen that only 35% of the total active installations have updated to the latest version at the time of publishing this article.
For this reason, technical details about the exploit have not been shared. On analysing the patch applied in the update, the vulnerability appears to lie in the filename validation check in the plugin. Inserting certain special characters into a double-extension filename (webshell.php.jpg) appears to bypass the validation checks present in earlier versions and thus results in the upload of executable files to the server. This allows anyone to upload a malicious file, such as a web shell, to the server, provided that the website has the file upload feature enabled in Contact Form 7. Vulnerabilities associated with plugins have long been the primary route for most WordPress hacks. Contact Form 7, which is one of the most used plugins, if not the most, is believed to be installed on around 10 million WordPress websites. As a result, the consequences of being vulnerable to unrestricted file upload include full system takeover, website defacement, and so on. CVE-2020-35489 was assigned to the vulnerability, which has been given a CVSS score of 10.0, considering its critical nature.
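The root cause described above is a filename check that inspects a different string than the one the server ends up writing to disk. The following is an added example of how an upload filename validator can be written so that this class of mismatch does not arise; it is illustrative code written for this article, not Contact Form 7's own code or its patch. The function name `sanitize_upload_filename`, the allow-list, and the sample filenames are all constructed for the example. The idea is to normalise the name first (strip directory components, control characters and whitespace), then treat every dot-separated segment after the first as an extension that must be on the allow-list, so a double-extension name such as webshell.php.jpg is rejected regardless of which segment is last.

```php
<?php
// Added example, not plugin code: allow-list filename validation that
// normalises the name before inspecting it, so the check and the
// filesystem see the same string.

/**
 * Return a safe, lower-cased-extension filename, or null if the name
 * must be rejected.
 *
 * @param string   $raw          filename as supplied by the client
 * @param string[] $allowed_ext  lower-case extensions that may be stored
 */
function sanitize_upload_filename(string $raw, array $allowed_ext): ?string
{
    // 1. Drop any path components the client supplied (handles both separators).
    $name = basename(str_replace('\\', '/', $raw));

    // 2. Remove control characters (0x00-0x1F, 0x7F) and all whitespace.
    //    Whatever a naive check might have seen around these bytes, the
    //    filesystem would not, so they are stripped before any decision.
    $name = preg_replace('/[\x00-\x1F\x7F\s]+/u', '', $name);
    if ($name === null) {          // preg_replace returns null on invalid UTF-8
        return null;
    }

    // 3. No leading/trailing dots (blocks names like ".htaccess").
    $name = trim($name, '.');
    if ($name === '' || strpos($name, '.') === false) {
        return null;
    }

    // 4. Every segment after the first is an extension, and all of them
    //    must be allowed: "report.php.jpg" yields ["php", "jpg"], and
    //    "php" is not on the list, so the whole name is rejected.
    $parts = explode('.', $name);
    $base  = array_shift($parts);
    if ($base === '') {
        return null;
    }
    $exts = [];
    foreach ($parts as $ext) {
        $ext = strtolower($ext);
        if (!in_array($ext, $allowed_ext, true)) {
            return null;
        }
        $exts[] = $ext;
    }
    return $base . '.' . implode('.', $exts);
}

// Constructed inputs for illustration only.
$allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];
$samples = [
    'photo.JPG',          // plain upload, extension case is normalised
    'webshell.php.jpg',   // double extension named in the text above
    "notes.php\x1f.jpg",  // constructed: control character inside the name
    '../../evil.png',     // constructed: path traversal attempt in the name
];
foreach ($samples as $sample) {
    $result = sanitize_upload_filename($sample, $allowed);
    printf("%-24s => %s\n", json_encode($sample), $result === null ? 'REJECTED' : $result);
}
```

Run with `php` on the command line; the first and last samples are accepted as `photo.jpg` and `evil.png`, while both double-extension names are rejected because `php` is not on the allow-list, whether or not a control character was embedded in the name. The design choice worth noting is step 4: rather than looking only at the final extension, or only for a known-bad one, every extension segment is required to be on the allow-list, which removes the need to anticipate which particular characters an earlier check might have tripped over.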
Jinson, who has found similarly critical vulnerabilities in other WordPress plugins as well as in several popular commercial software products, reported that even though the specific requirements for a successful exploit narrow down the number of affected websites, it is still recommended that all users update the plugin to the latest version.