Security researchers from SonarSource have detected a critical security vulnerability impacting the WordPress 5.7 platform that could have facilitated a potential remote cyberattack to steal sensitive, vital information.
Tracked as CVE-2021-29447, the vulnerability is a critical XXE bug that can help malicious attacks to gain remote access to a targeted site.
What is an XXE Attack?
XXE stands for XML External Entity attack is a type of attack against an application that parses XML(Extensible Markup Language) input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
Critical WordPress XXE Vulnerability:
The blog post regarding WordPress’s security vulnerability noted that the only requisite for the bug to be exploited was a treat actor having unauthenticated access to the target website.
Subsequently, the threat actor could effortlessly retrieve arbitrary files from the server or initiate SSRF i.e server side request forgery attacks.
While the security vulnerability may be critical, it is mitigated by the assertion that the threat actor has file upload permissions on the target website.
However, this is speculative since experts are of the opinion that the vulnerability can be combined with another flaw to initiate malicious activities and attacks.
The other mitigation comes from the conviction that for successful exploitation, the target site should specifically run on PHP 8.
Patching multiple security bugs in the update:
When WordPress was notified about the XXE vulnerability by the Sonarcource researchers, the developers deployed a security update for the bug accordingly.
The vulnerability update was issued in WordPress 5.7.1
The update also comes with a security fix for a data-leak vulnerability in the REST API of the platform which was reported by security researcher Mikael Korpela.
WordPress has also addressed 24 other bugs with the latest release. Hence, users of WordPress 5.7 have been recommended to install the updated WordPress 5.7.1 to mitigate any risks.
It was found that the bugs also impacted the previous WordPress versions and since several users are still using WordPress 4.7, security fixes for the 4.7 versions have also been deployed.