Security researchers from Jetpack have discovered vulnerabilities in the All In One SEO plugin that allow hackers to access usernames and passwords and perform remote code execution. These vulnerabilities depend on each other in order to be successful.
The first vulnerability, which allows a user with a low-level access privilege to raise their privilege level (subscriber to administrator), is called a Privilege Escalation Attack. The security researchers described this vulnerability as severe, and it can provide access to privileged information, such as usernames and passwords, from the site’s database.
One of the exploits is the Authenticated Privilege Escalation, which exploits the WordPress REST API and allows the attacker to access the usernames and passwords in the database. The problem lies in the plugin's security checks that verify whether a user accessing an API endpoint has the right privilege credentials.
According to Jetpack:
“the privilege checks which were applied in All in One SEO to secure REST API endpoints contained a very subtle bug that could’ve granted users with low-privileged accounts access to every single endpoint the plugin registers.”
The second exploit is the Authenticated SQL Injection, which relies on an attacker having some user credentials. SQL injection is the exploitation of an input with an unexpected series of code or characters, which can give the hacker access.
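The two classes of flaw described above map onto two controls in WordPress's own API: a per-route capability check and a prepared database query. The following is an added example, not code from All In One SEO or from Jetpack's report; the `example-seo/v1` namespace, the `/posts` route and the function name are hypothetical.

```php
<?php
// Added illustration: hypothetical plugin code, not All In One SEO's source.
// Namespace 'example-seo/v1', route '/posts' and function names are assumptions.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/posts', array(
        'methods'  => 'GET',
        'callback' => 'example_seo_search_posts',
        // Weak: 'permission_callback' => 'is_user_logged_in' would admit any
        // authenticated account, including subscribers.
        // Hardened: require an administrator-level capability on this route.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'term' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
} );

function example_seo_search_posts( WP_REST_Request $request ) {
    global $wpdb;
    $term = $request->get_param( 'term' );

    // Weak: building the statement by concatenation lets request data change
    // the query itself:
    //   "... WHERE post_title LIKE '%" . $term . "%'"
    // Hardened: escape LIKE wildcards, then bind the value as a placeholder.
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts}
             WHERE post_status = 'publish' AND post_title LIKE %s
             LIMIT 20",
            $like
        )
    );

    return rest_ensure_response( $rows );
}
```

Because the capability check sits on the route itself, a subscriber account is rejected before the callback or its query ever runs.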
Do you use All In One SEO on your WordPress site? If so, make sure that your plugin is updated to the latest version, as this is the safest version. The vulnerability affects older versions: versions 4.0.0 to 220.127.116.11.
It is always good practice to make sure that your plugins are updated to the latest version to ensure that you have the best version of the plugin and that it has all the updated security features that would prevent hacking and malware attacks.