Three vulnerabilities, one of them rated critical, have been discovered in the Forminator plugin for WordPress, affecting over 300,000 websites. Barracuda MSP advises users to review this Cybersecurity Threat Advisory in detail to learn the proper measures for safeguarding their websites.
What is the threat?
The Forminator WordPress plugin has three vulnerabilities: CVE-2024-28890 (critical, CVSS score of 9.8), CVE-2024-31077 and CVE-2024-31857. Below are the technical details behind each vulnerability:
CVE-2024-28890 – File upload vulnerability:
- This vulnerability arises from insufficient validation of files during the upload process. An unauthenticated remote attacker can exploit this flaw to upload arbitrary files, including PHP scripts, to the server hosting the vulnerable WordPress site and then execute them by requesting them over the web.
- Code uploaded this way runs with the privileges of the web server, so an attacker can read anything the site itself can read (for example wp-config.php and the database credentials it contains), modify site content, or establish a persistent foothold, potentially leading to a data breach or full compromise of the host.
CVE-2024-31077 – SQL injection vulnerability:
- This vulnerability allows a remote attacker who already holds administrator privileges to execute arbitrary SQL queries against the site's database.
- By exploiting this flaw, the attacker can read or alter any table in the database, extract sensitive information such as user records and form submissions, or modify site content.
- The administrator requirement lowers the likelihood of direct exploitation, but a compromised or phished admin account, or a foothold gained through the file-upload flaw, turns this into a path to complete compromise of the affected WordPress site.
CVE-2024-31857 – Cross-site scripting (XSS) vulnerability:
- This vulnerability enables remote attackers to execute arbitrary HTML and script code in a user's browser by tricking the user into following a specially crafted link.
- Attackers can exploit this flaw to steal session cookies, redirect users to malicious websites, or perform actions on behalf of authenticated users; an administrator who follows such a link can be made to perform privileged actions without realizing it.
- Cross-site scripting attacks compromise the confidentiality and integrity of user sessions on the affected WordPress site and can be chained with the other two flaws to escalate an unauthenticated attack into an administrative one.
Taken together, these vulnerabilities let malicious actors upload unrestricted files to the server, allowing them to plant malware or web shells on sites using the plugin. Successful exploitation lets attackers read server files, modify the content of websites that use the Forminator plugin, and cause denial-of-service (DoS) conditions.
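The two checks a practitioner wants after reading the above are whether a given install still runs a vulnerable Forminator version and whether the uploads directory already holds anything the web server would execute, which is the artifact a successful exploit of the file-upload flaw leaves behind. The script below is an added example and is not code from Barracuda or from the Forminator project. It assumes the standard WordPress layout (wp-content/plugins/forminator/forminator.php and wp-content/uploads) and takes 1.29.3 as the first release that fixes all three CVEs, a figure from the public fix announcements rather than from this advisory; confirm it against the plugin changelog before relying on it. The demo site it audits is constructed in a temporary directory.

```python
"""Audit a WordPress install for an unpatched Forminator plugin and for
web-executable files under wp-content/uploads.

Added example, not Barracuda's or Forminator's code. FIXED_VERSION is taken
from the public fix announcements (assumption: verify against the changelog).
"""
import os
import re
import tempfile
from pathlib import Path

FIXED_VERSION = "1.29.3"  # assumed first release fixing all three CVEs

# Extensions PHP-FPM / mod_php will execute if they appear anywhere in the
# file name, which also catches double extensions such as shell.php.jpg.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps"}
# Dotfiles that change how the web server treats an uploads directory.
SERVER_CONFIG_FILES = {".htaccess", ".user.ini", "web.config"}


def parse_version(version):
    """'1.29.3' -> (1, 29, 3); tolerates suffixes such as '1.30.0-beta'."""
    return tuple(int(part) for part in re.findall(r"\d+", version.split("-")[0]))


def is_vulnerable_version(installed, fixed=FIXED_VERSION):
    """True when the installed version predates the fixed one."""
    return parse_version(installed) < parse_version(fixed)


def plugin_version_from_header(header_text):
    """Read the 'Version:' field of a WordPress plugin header comment."""
    match = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", header_text, re.MULTILINE)
    return match.group(1) if match else None


def suspicious_uploads(uploads_dir):
    """Return relative paths under uploads that should never be there."""
    root = Path(uploads_dir)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            name = fname.lower()
            extensions = name.split(".")[1:]  # every extension, not just the last
            if name in SERVER_CONFIG_FILES or any(e in EXECUTABLE_EXTS for e in extensions):
                findings.append(Path(dirpath, fname).relative_to(root).as_posix())
    return sorted(findings)


def audit_site(base):
    """Combine the version check and the uploads scan for one install."""
    base = Path(base)
    header = (base / "wp-content/plugins/forminator/forminator.php").read_text()
    version = plugin_version_from_header(header)
    return {
        "forminator_version": version,
        "needs_update": version is not None and is_vulnerable_version(version),
        "suspicious_uploads": suspicious_uploads(base / "wp-content/uploads"),
    }


def build_demo_site(base):
    """Constructed sample install: vulnerable plugin plus planted files."""
    base = Path(base)
    plugin = base / "wp-content/plugins/forminator"
    plugin.mkdir(parents=True)
    (plugin / "forminator.php").write_text(
        "<?php\n/**\n * Plugin Name: Forminator\n * Version: 1.29.0\n */\n"
    )
    uploads = base / "wp-content/uploads/forminator/2024/04"
    uploads.mkdir(parents=True)
    (uploads / "resume.pdf").write_text("%PDF-1.4 sample")          # legitimate
    (uploads / "photo.jpg").write_bytes(b"\xff\xd8\xff")             # legitimate
    (uploads / "cv.php.jpg").write_text("<?php /* placeholder */ ?>")   # double extension
    (uploads / "update.phtml").write_text("<?php /* placeholder */ ?>")  # executable
    (uploads / ".htaccess").write_text("AddType application/x-httpd-php .jpg\n")
    return base


def demo_audit():
    """Build the constructed site in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_site(tmp)
        return audit_site(tmp)


if __name__ == "__main__":
    for key, value in demo_audit().items():
        print(f"{key}: {value}")
```

Point `audit_site` at a real document root to run it for real; any finding under uploads deserves the same treatment as a confirmed web shell until proven otherwise, and the .htaccess check matters because an attacker who cannot upload a .php file will try to make the server execute .jpg instead.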
Why is it noteworthy?
These vulnerabilities are significant because of the widespread use of WordPress and of the Forminator plugin itself. Their impact could be substantial, leading to data breaches, website defacement or other malicious activity. Furthermore, the file-upload flaw is simple to exploit and needs no account on the target site, which combined with the severity of the consequences makes these threats noteworthy.
What is the exposure or risk?
Organizations using the Forminator plugin on their WordPress websites are at risk of exploitation if they fail to apply the security patches promptly. The vulnerabilities allow attackers to execute arbitrary code on the affected websites, which can lead to data theft, website compromise or disruption of services. Since the file-upload flaw requires no authentication, any internet-facing WordPress site running the vulnerable plugin can be targeted by simply submitting a form, which exposes a wide range of organizations.
What are the recommendations?
Barracuda MSP recommends taking the following measures to mitigate your potential impact:
- Update the Forminator plugin to the latest patched version without delay; every site still below the fixed release should be treated as exposed until it is updated.
- Monitor website activity for signs of exploitation: PHP or other executable files appearing under wp-content/uploads, form submissions followed by requests for files in that directory, newly created administrator accounts, and unexpected changes to plugin or core files.
- Implement robust access controls and authentication mechanisms, including multi-factor authentication and the smallest possible number of administrator accounts, to restrict access to sensitive areas of your WordPress website; this directly limits the SQL injection flaw, which is only reachable with administrator privileges.
- Deploy web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) with proactive monitoring such as Barracuda XDR Network Security for continuous protection.
- Empower website administrators and users with knowledge about the importance of timely software updates and adherence to security best practices.
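The monitoring recommendation above becomes concrete when written as a rule over web server logs. The detector below is an added example, not Barracuda's tooling or anything shipped with the plugin: it reads constructed Apache combined-format log lines and flags every request for a script under wp-content/uploads, noting whether a form submission to /wp-admin/admin-ajax.php (the endpoint WordPress plugins use for AJAX form posts) preceded it within a time window. The log lines, IP addresses and paths are all constructed for the example.

```python
"""Flag requests for PHP files under wp-content/uploads in web server logs,
correlated with preceding form submissions to admin-ajax.php.

Added example, not part of the advisory. Sample log lines are constructed.
"""
import re
from datetime import datetime, timedelta

# Apache/nginx combined log format; only the fields the rule needs are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Nothing under uploads should ever be a server-side script.
UPLOADED_SCRIPT_RE = re.compile(
    r"^/wp-content/uploads/.*\.(php\d?|phtml|phar)(\?|$)", re.IGNORECASE
)
AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"


def parse_line(line):
    """Parse one combined-format line; None for lines that do not match."""
    match = LOG_RE.match(line)
    if not match:
        return None
    entry = match.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return entry


def detect_upload_then_execute(lines, window=timedelta(minutes=10)):
    """Return one alert per request for a script under uploads.

    Each alert carries the most recent admin-ajax.php POST within `window`
    (the probable upload) so an analyst can tie the execution to its source.
    """
    recent_posts = []  # (timestamp, ip) of admin-ajax.php POSTs seen so far
    alerts = []
    for entry in filter(None, map(parse_line, lines)):
        if entry["method"] == "POST" and entry["path"].startswith(AJAX_ENDPOINT):
            recent_posts.append((entry["ts"], entry["ip"]))
            continue
        if not UPLOADED_SCRIPT_RE.match(entry["path"]):
            continue
        candidates = [
            (ts, ip) for ts, ip in recent_posts
            if timedelta(0) <= entry["ts"] - ts <= window
        ]
        post_ts, post_ip = candidates[-1] if candidates else (None, None)
        alerts.append({
            "ip": entry["ip"],
            "path": entry["path"],
            "status": entry["status"],
            "uploaded_from": post_ip,
            "seconds_after_post": int((entry["ts"] - post_ts).total_seconds()) if post_ts else None,
        })
    return alerts


# Constructed sample log: a form submission, a benign image fetch, the planted
# script being run, and an unrelated probe for an old script that no longer exists.
SAMPLE_LOG = """
203.0.113.7 - - [10/Apr/2024:12:00:01 +0000] "GET /contact/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2024:12:00:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 312 "https://example.org/contact/" "Mozilla/5.0"
198.51.100.4 - - [10/Apr/2024:12:00:30 +0000] "GET /wp-content/uploads/forminator/2024/04/photo.jpg HTTP/1.1" 200 8201 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2024:12:01:15 +0000] "GET /wp-content/uploads/forminator/2024/04/cv.php?c=id HTTP/1.1" 200 87 "-" "curl/8.4.0"
203.0.113.9 - - [10/Apr/2024:13:30:00 +0000] "GET /wp-content/uploads/2023/old.phtml HTTP/1.1" 404 196 "-" "Mozilla/5.0"
""".strip().splitlines()


if __name__ == "__main__":
    for alert in detect_upload_then_execute(SAMPLE_LOG):
        print(alert)
```

The rule deliberately alerts on every script request under uploads, not only on correlated ones: a 404 for old.phtml with no preceding submission is still a probe worth knowing about, while a 200 for cv.php 66 seconds after a form POST from the same address is the full exploit chain and should be treated as an incident.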
Reference
For more in-depth information about the recommendations, please visit the following link:
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.