A privilege escalation vulnerability in the Donation Forms by Charitable plugin, which has more than 10,000 active WordPress installations, was identified on August 10, 2023 by the Wordfence Threat Intelligence team. It allows unauthenticated attackers to obtain an administrator account by supplying a role of their choice during front-end registration.
On the same day, August 10, 2023, Wordfence issued a firewall rule to Wordfence Premium, Wordfence Care and Wordfence Response users that blocks exploitation attempts. Sites running the free version of Wordfence receive the same rule on September 9, 2023. The rule is a stopgap; it does not replace updating the plugin.
Engaging the WP Charitable Team
An initial e-mail to the WP Charitable team on August 10, 2023 went unanswered. Contact was established through the form on their website on August 16, 2023, and they replied the same day. After the full details were disclosed, the developer released a patch on August 17, 2023.
Urgent Update: Secure Your Website
Update Charitable to the latest patched release now. The fix shipped in version 1.7.0.13; every earlier version is affected.
Potential Compromises and Impact
The impact of this privilege escalation is severe. An attacker who obtains an administrator account controls every aspect of the site: they can upload plugin or theme files containing backdoors, create further accounts, and alter content to redirect visitors to malicious sites.
Technical Details: Vulnerability Exposed
Versions of the Charitable plugin for WordPress up to and including 1.7.0.12 are vulnerable to privilege escalation because of insufficient restriction in the plugin's 'update_core_user' function. An unauthenticated attacker can set their own role simply by adding a 'role' parameter to the registration request.
Insecure Registration Mechanism
Charitable provides donation forms and fundraising campaigns for WordPress and ships a [charitable_registration] shortcode for a custom front-end registration form. The registration handler copied the submitted parameters into the user record without restricting which fields were accepted: there was neither an allowlist of permitted user fields nor a denylist of dangerous ones. Because WordPress user creation honours a 'role' field, a request that adds role=administrator created an administrator account.
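To make the flaw concrete, here is an added illustration written for this post; it is not code from the Charitable plugin, and the function names, form-field names and nonce action are assumptions. It places a registration handler with the pattern described above (every posted field, including 'role', flows into user creation) beside a hardened one that reads only allowlisted fields and fixes the role on the server.

```php
<?php
/**
 * Added illustration for this advisory. It is NOT code from the Charitable
 * plugin: the function names, form-field names and nonce action are assumptions.
 * It contrasts a registration handler with the flaw described above (every
 * posted field, including 'role', flows into user creation) with a hardened
 * one that reads only allowlisted fields and fixes the role server-side.
 * Both assume they run inside WordPress (e.g. from an mu-plugin on 'init').
 */

// VULNERABLE PATTERN: the request body becomes the user record.
function example_register_vulnerable() {
    $userdata = array();
    foreach ( $_POST as $key => $value ) {
        // No allowlist of accepted fields and no denylist of dangerous ones.
        $userdata[ $key ] = is_string( $value ) ? wp_unslash( $value ) : $value;
    }
    // wp_insert_user() honours 'role', so a body containing
    //   user_login=attacker&user_email=a@x.test&user_pass=...&role=administrator
    // creates an administrator. A body carrying 'ID' would even turn this into
    // an update of an existing user, because wp_insert_user() treats a set ID
    // as "update this account".
    return wp_insert_user( $userdata );
}

// HARDENED PATTERN: named fields only, sanitized, role decided by the server.
function example_register_hardened() {
    $nonce = isset( $_POST['example_reg_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_reg_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_register' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid registration request.' );
    }

    $login = isset( $_POST['user_login'] ) ? sanitize_user( wp_unslash( $_POST['user_login'] ), true ) : '';
    $email = isset( $_POST['user_email'] ) ? sanitize_email( wp_unslash( $_POST['user_email'] ) ) : '';
    $pass  = isset( $_POST['user_pass'] ) ? (string) wp_unslash( $_POST['user_pass'] ) : '';

    if ( '' === $login || ! is_email( $email ) || strlen( $pass ) < 12 ) {
        return new WP_Error( 'invalid_input', 'A username, a valid e-mail address and a password of at least 12 characters are required.' );
    }

    // Only these keys reach wp_insert_user(). $_POST['role'] (or any other
    // unexpected key such as 'ID') is never copied, so it cannot influence the account.
    $userdata = array(
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => $pass,
        'role'       => get_option( 'default_role', 'subscriber' ),
    );

    $user_id = wp_insert_user( $userdata );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }

    // Defence in depth: a self-registered account must never end up with
    // administrative capabilities, whatever filters or hooks ran in between.
    if ( user_can( $user_id, 'manage_options' ) ) {
        require_once ABSPATH . 'wp-admin/includes/user.php'; // provides wp_delete_user()
        wp_delete_user( $user_id );
        return new WP_Error( 'role_escalation', 'Self-registration produced a privileged account; aborted.' );
    }
    return $user_id;
}
```

The durable fix is the allowlist, not a denylist: stripping only 'role' from the request would still leave keys such as 'ID' (which turns the insert into an update of an existing user) or any future field WordPress starts honouring. The final capability check is a cheap backstop for the case where some other plugin's filter on user creation misbehaves.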
Potential Consequences and Mitigation
As with other privilege escalation flaws, the end result is complete site compromise: an administrator can upload malicious plugin or theme files and rewrite content to redirect visitors. Patching closes the door, but it does not remove accounts an attacker may already have created. After updating, review the user list for administrator accounts you do not recognise, paying particular attention to accounts registered while the vulnerable version was installed, and check for unfamiliar plugins, themes and scheduled tasks.
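The account review above can be scripted. The following is an added post-update check written for this post, not code from Charitable or Wordfence; the function name, the output format and the cutoff date are assumptions. It lists every administrator, newest first, and every account registered on or after the cutoff whose roles differ from the site's default role, which is what a legitimate self-registration should have received.

```php
<?php
/**
 * Added post-update check for this advisory, not code from Charitable or
 * Wordfence. Run it with WP-CLI from the site root:
 *     wp eval-file audit-accounts.php
 * It lists every administrator, newest first, and every account registered
 * on or after a cutoff date whose roles differ from the site's default role,
 * which is what a legitimate self-registration should have received. The
 * cutoff below is an assumption; use the date the vulnerable version was
 * installed if that is earlier.
 */

function example_find_unexpected_accounts( $cutoff = '2023-08-01 00:00:00' ) {
    $default_role = get_option( 'default_role', 'subscriber' );
    $cutoff_ts    = strtotime( $cutoff ); // user_registered is stored in UTC
    $flagged      = array();

    // 1. Every administrator. Each one should be explainable by a human.
    $admins = get_users( array(
        'role'    => 'administrator',
        'orderby' => 'registered',
        'order'   => 'DESC',
    ) );
    echo '== administrators ==' . PHP_EOL;
    foreach ( $admins as $u ) {
        $after = strtotime( $u->user_registered ) >= $cutoff_ts;
        printf( "%-6d %-24s %-32s registered %s%s" . PHP_EOL,
            $u->ID, $u->user_login, $u->user_email, $u->user_registered,
            $after ? '  <-- registered after cutoff, verify' : '' );
        if ( $after ) {
            $flagged[ $u->ID ] = 'administrator registered after cutoff';
        }
    }

    // 2. Recent registrations that did not end up with the default role.
    $recent = get_users( array(
        'date_query' => array( array(
            'column'    => 'user_registered',
            'after'     => $cutoff,
            'inclusive' => true,
        ) ),
        'orderby'    => 'registered',
        'order'      => 'DESC',
    ) );
    echo "== registrations since {$cutoff} with a non-default role ==" . PHP_EOL;
    foreach ( $recent as $u ) {
        // WP_User::$roles keeps the capability-array keys, so re-index before comparing.
        $roles = array_values( (array) $u->roles );
        if ( $roles !== array( $default_role ) ) {
            $list = $roles ? implode( ',', $roles ) : '(none)';
            printf( "%-6d %-24s roles=%s" . PHP_EOL, $u->ID, $u->user_login, $list );
            $flagged[ $u->ID ] = 'non-default role: ' . $list;
        }
    }
    return $flagged;
}

$flagged = example_find_unexpected_accounts();
echo PHP_EOL . count( $flagged ) . ' account(s) need manual review.' . PHP_EOL;
```

Registration date alone is not conclusive: an attacker who already holds an administrator account can promote an older account or edit its capabilities usermeta directly, so treat every administrator on the list as something to confirm with a person, not just the recent ones. If anything unexpected turns up, assume the site is compromised and rotate all passwords and the authentication salts in wp-config.php after cleaning up.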
Addressing the Vulnerability
In summary, the privilege escalation vulnerability in Donation Forms by Charitable affects versions 1.7.0.12 and earlier, lets unauthenticated attackers elevate themselves to administrator, and can lead to complete site compromise. It is fixed in version 1.7.0.13.
Securing Your Website
WordPress users running Charitable should confirm that their sites are on the latest patched version.
Timely Protections for Users
Wordfence Premium, Wordfence Care and Wordfence Response users have been protected by a firewall rule since August 10, 2023; users of the free Wordfence version receive the same rule on September 9, 2023.
Spread the Word: Protect Others
If you know anyone running the Charitable plugin on their site, share this advisory with them. The vulnerability is exploitable without authentication, so it poses an immediate threat to every unpatched site.
- Lordfrancis3 has been a member of PinoyLinux since its establishment in 2011 and has many years of experience managing and deploying complex infrastructure.
- Privacy and Security, August 22, 2023: Security Alert: Privilege Escalation Vulnerability Impacts Over 10,000 Charitable WordPress Sites