Yoast WordPress SEO WordPress Plugin Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks

SecurityTracker Alert ID: 1031920
SecurityTracker URL: http://securitytracker.com/id/1031920
CVE Reference: CVE-2015-2292, CVE-2015-2293
Updated: Mar 17 2015
Original Entry Date: Mar 13 2015
Impact: Modification of system information, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): prior to versions 1.5.7, 1.6.4, 1.7.4
Description:
A vulnerability was reported in the Yoast WordPress SEO WordPress Plugin. A remote user can conduct cross-site request forgery attacks that inject SQL commands.
The software does not properly validate user-supplied input to the bulk editor page (the 'orderby' parameter in the demonstration URL below). A remote user can create a specially crafted URL that, when loaded by a target authenticated admin, editor, or author level user, will execute SQL commands on the underlying database with that user's access.
The vulnerability resides in 'admin/class-bulk-editor-list-table.php'.
A demonstration exploit URL is provided:
http://127.0.0.1/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc
The vendor was notified on March 10, 2015.
The original advisory is available at:
https://wpvulndb.com/vulnerabilities/7841
Ryan Dewhurst (WPScan Team - Dewhurst Security) reported this vulnerability.
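The flaw described above has two halves: a request parameter that names a sort column is copied into the SQL, and nothing binds the request to a deliberate action by the logged-in user, so a link from another site does the work. The following is an added example written for this entry, not code from the Yoast plugin or its fix; it shows a list-table ORDER BY clause built the unsafe way beside a hardened version that resolves the column against a fixed allowlist and requires a WordPress nonce. The function names, the 'example_bulk_editor' nonce action and the column list are hypothetical; check_admin_referer(), wp_nonce_url(), current_user_can() and $wpdb are the real WordPress APIs.

```php
<?php
// Added example, not code from the Yoast WordPress SEO plugin. Function
// names, the nonce action and the allowed column list are hypothetical.

// Unsafe pattern: the request-supplied column name and direction are copied
// straight into the SQL, so a crafted 'orderby' value becomes part of the
// query, and nothing ties the request to an intentional click by the user.
function example_order_clause_unsafe( array $request ) {
    $orderby = isset( $request['orderby'] ) ? $request['orderby'] : 'post_title';
    $order   = isset( $request['order'] ) ? $request['order'] : 'asc';
    return "ORDER BY {$orderby} {$order}";
}

// Hardened pattern: identifiers cannot be bound as prepared-statement
// parameters, so the column name is looked up in a fixed allowlist keyed by
// the only values the browser is permitted to send; anything else falls back.
function example_order_clause_safe( array $request ) {
    $allowed_columns = array(
        'post_title'  => 'post_title',
        'post_date'   => 'post_date',
        'post_status' => 'post_status',
    );
    $requested = isset( $request['orderby'] ) ? (string) $request['orderby'] : '';
    $orderby   = isset( $allowed_columns[ $requested ] ) ? $allowed_columns[ $requested ] : 'post_title';

    // Direction is reduced to one of two literals.
    $order = ( isset( $request['order'] ) && 'DESC' === strtoupper( (string) $request['order'] ) ) ? 'DESC' : 'ASC';

    return "ORDER BY {$orderby} {$order}";
}

// The allowlist closes the injection; the nonce closes the CSRF half. A
// WordPress nonce is bound to the logged-in user and expires, so a link
// forged on another site cannot carry a valid one. check_admin_referer()
// terminates the request on failure, before any query runs.
function example_bulk_editor_query( $wpdb, array $request ) {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'example_bulk_editor', '_wpnonce' );

    $clause = example_order_clause_safe( $request );
    return $wpdb->get_results(
        "SELECT ID, post_title, post_date FROM {$wpdb->posts} WHERE post_type = 'post' {$clause}"
    );
}

// Sorting links emitted by the screen must carry the matching nonce so that
// legitimate clicks pass the check above.
function example_sort_link( $column ) {
    $url = add_query_arg(
        array( 'page' => 'example_bulk_editor', 'orderby' => $column, 'order' => 'asc' ),
        admin_url( 'admin.php' )
    );
    return wp_nonce_url( $url, 'example_bulk_editor', '_wpnonce' );
}
```

With the safe version, the 'orderby' value from the demonstration URL is not a key of the allowlist, so the clause silently becomes "ORDER BY post_title ASC", and the request would in any case have been rejected by the nonce check first. Keeping both the allowlist and the nonce matters: the allowlist alone still lets a forged link trigger whatever the page legitimately does, and the nonce alone still leaves the query exposed to any user who can obtain a valid one.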

Impact:
A remote user can conduct cross-site request forgery attacks to execute SQL commands on the underlying database.

Solution:
The vendor has issued a fix (1.5.7, 1.6.4, 1.7.4).
The vendor's advisory is available at:
https://yoast.com/wordpress-seo-security-release/

Vendor URL: yoast.com/wordpress-seo-security-release/

Cause:
Access control error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History:
None.