The security of some 800,000 websites that use WordPress is in jeopardy. The popular plugin All in One SEO, which is used by more than 3 million websites to improve search engine rankings, contains two critical vulnerabilities. They were addressed in an update released on December 7, but webmasters have been slow to apply the patch.
Automattic security researcher Marc Montpas discovered the security flaws in early December during an internal audit of the All in One SEO plugin. One of the vulnerabilities (CVE-2021-25036) could allow a user with the subscriber role to acquire elevated privileges, while the other (CVE-2021-25037) would open the door to databases holding private information.
A serious and easy-to-exploit vulnerability
In order to distribute capabilities and permissions across each type of user, WordPress sites have different roles: administrator, editor, author, contributor, and subscriber. The last of these can only read posts and leave comments on them, but by exploiting CVE-2021-25036 a subscriber could act as the site's administrator and thus control it completely.
Broadly, and without going into the technical details that can be consulted in Jetpack's article, the attacker could use the vulnerable plugin to bypass the privilege checks required by the REST API. Changing a single character of a request to uppercase would be enough. In this way it could, for example, run malicious code on the server.
The other vulnerability (CVE-2021-25037), which depends on the previous one, could allow the user who raised their privileges to perform a SQL injection that compromises the database. This attack would open the door to modifying its data or extracting confidential information, including user credentials.
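The weakness described above, a privilege check keyed on the exact spelling of a route while the router itself matches routes case-insensitively, is a general pattern worth recognising. The following PHP snippet is an added illustration, not code from the article, from Jetpack or from the All in One SEO plugin: the route names, the `ADMIN_ROUTES` list and the `requires_admin_*` functions are all hypothetical. It contrasts a case-sensitive allow-list with a normalised one and shows the preferred WordPress pattern of a per-route capability check.

```php
<?php
// Added example (not from the article or the plugin). Shows why an exact-match
// route allow-list is a weak privilege check and two ways to harden it.

// Hypothetical REST routes that must be restricted to administrators.
const ADMIN_ROUTES = [
    '/example/v1/settings',
    '/example/v1/export',
];

// Weak check: exact, case-sensitive comparison. If the router treats
// '/Example/v1/settings' and '/example/v1/settings' as the same endpoint,
// the mixed-case spelling is not found in the list and is waved through.
function requires_admin_weak(string $route): bool
{
    return in_array($route, ADMIN_ROUTES, true);
}

// Hardened check: normalise the route before comparing, so every spelling
// the router would accept maps onto the same allow-list entry.
function normalize_route(string $route): string
{
    // Collapse case, strip a trailing slash and any duplicate slashes.
    $route = strtolower(rtrim($route, '/'));
    return preg_replace('#/+#', '/', $route);
}

function requires_admin_hardened(string $route): bool
{
    $needle = normalize_route($route);
    foreach (ADMIN_ROUTES as $protected) {
        if ($needle === normalize_route($protected)) {
            return true;
        }
    }
    return false;
}

// Preferred pattern inside WordPress: do not gate on the route string at all.
// Register each route with its own permission_callback that asks WordPress
// whether the caller holds the capability. current_user_can() and
// register_rest_route() exist only inside WordPress, hence the guard.
function settings_permission_callback(): bool
{
    return function_exists('current_user_can') && current_user_can('manage_options');
}

if (function_exists('register_rest_route')) {
    register_rest_route('example/v1', '/settings', [
        'methods'             => 'POST',
        'callback'            => fn($request) => ['ok' => true],
        'permission_callback' => 'settings_permission_callback',
    ]);
}

// Stand-alone demonstration with a constructed mixed-case route.
$probe = '/Example/v1/settings';
printf("weak:     %s\n", requires_admin_weak($probe) ? 'admin required' : 'NOT checked');
printf("hardened: %s\n", requires_admin_hardened($probe) ? 'admin required' : 'NOT checked');
```

Run with `php example.php`: the weak check reports `NOT checked` for the mixed-case route while the hardened one reports `admin required`. The third approach is the one to prefer in a real plugin, because the decision then rests on the caller's capability rather than on string matching of the request path.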
What to do about the vulnerability of All in One SEO
The aforementioned vulnerabilities affect versions 4.0.0 through 4.1.5.2 of the All in One SEO plugin. To protect their websites, webmasters must install version 4.1.5.3, which can be obtained from this link. It is also recommended to keep all plugins updated to avoid possible security risks.
Via | BleepingComputer