WordPress before version 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to vulnerable PHP pages.
- The malicious user sends a crafted request directly to one of the vulnerable wp-admin pages on the WordPress site.
- The vulnerable WordPress site serves the requested page and performs the action without checking whether the user's role holds the required capability.
The attacker must be able to interact with the vulnerable WordPress installation using arbitrary requests.
This vulnerability allows a user to reach administrative pages that their role should not have access to, and possibly to make unauthorized edits or additions to the WordPress installation through those pages. The fix added PHP code that checks whether the user's role has the capability required for the requested action before the page proceeds. This code was added to edit-category-form.php, edit-link-category-form.php, edit-tag-form.php, export.php, import.php, and link-add.php.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) signatures used by Alert Logic Threat Manager™ have been updated to detect this exploit. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
This attack targets a very old version of WordPress. If this incident is generated, it is recommended to review the running version of WordPress. If the version is older than 2.8.3, it is recommended to update to the latest version.
Upon discovery of an exploit attempt, customers are advised to perform the following actions:
- Determine the running version of WordPress.
- If the running version is older than 2.8.3 (2.8.3 is the first release carrying the fix), it is recommended that all access to the vulnerable software is blocked until it has been updated.
- Perform a review of Log Manager™, Threat Manager, and WordPress logs to determine the extent of the damage.
- Update WordPress and its associated plugins to the latest version and allow access to the newly updated WordPress installation.
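The first and third steps above, and the list of affected wp-admin pages given earlier in this advisory, as an added example that is not Alert Logic's or WordPress's own code: a Python script that reads the running version out of the text of wp-includes/version.php and decides whether it predates the 2.8.3 fix, then sweeps web-server access-log lines for direct requests to the six pages that lacked capability checks. The version.php text and the log lines are constructed samples; the Apache combined log format, the RFC 5737 test addresses and the install prefixes are assumptions made for the example.

```python
# Added example (not Alert Logic's or WordPress's code): two checks from the
# mitigation steps, run offline on constructed sample data.
#   1. Read the running WordPress version from wp-includes/version.php text and
#      decide whether it predates the 2.8.3 fix (2.8.3 itself is fixed).
#   2. Sweep web-server access-log lines for direct requests to the wp-admin
#      pages that lacked capability checks before 2.8.3.
# The log lines and version.php text below are constructed, not real captures.
import re
from urllib.parse import unquote, urlsplit

FIXED_VERSION = "2.8.3"

# wp-admin pages named in the advisory as having gained capability checks in 2.8.3.
UNCHECKED_PAGES = {
    "edit-category-form.php",
    "edit-link-category-form.php",
    "edit-tag-form.php",
    "export.php",
    "import.php",
    "link-add.php",
}

def parse_version(version: str) -> tuple:
    """'2.8.2' -> (2, 8, 2); numeric so that 2.8.10 sorts after 2.8.3."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def extract_wp_version(version_php: str):
    """Pull $wp_version out of the text of wp-includes/version.php without executing it."""
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", version_php)
    return m.group(1) if m else None

def is_affected(version: str) -> bool:
    """True when the install is older than 2.8.3; 2.8.3 and later carry the fix."""
    return parse_version(version) < parse_version(FIXED_VERSION)

# Apache combined log format (assumed): ip ident user [ts] "METHOD target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

def find_direct_requests(log_lines):
    """Return (ip, method, page, status) for every request whose path ends in
    wp-admin/<page> with <page> in UNCHECKED_PAGES, under any install prefix.
    The query string is stripped and percent-encoding decoded first, so
    edit-tag%2Dform.php is not missed."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = unquote(urlsplit(m["target"]).path)
        parts = [p for p in path.split("/") if p]
        if len(parts) >= 2 and parts[-2] == "wp-admin" and parts[-1] in UNCHECKED_PAGES:
            hits.append((m["ip"], m["method"], parts[-1], int(m["status"])))
    return hits

def triage(version_php: str, log_lines):
    """Combine both checks into the decision the advisory asks for."""
    version = extract_wp_version(version_php)
    return {
        "version": version,
        "affected": version is not None and is_affected(version),
        "direct_requests": find_direct_requests(log_lines),
    }

# Constructed sample inputs (not from a real host).
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '2.8.2';\n"

SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2009:10:15:01 +0000] "GET /wp-admin/edit-tag-form.php?action=edit&tag_ID=3 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Aug/2009:10:15:09 +0000] "POST /blog/wp-admin/link-add.php HTTP/1.1" 302 0',
    '198.51.100.2 - - [10/Aug/2009:10:16:00 +0000] "GET /wp-admin/edit-tag%2Dform.php HTTP/1.1" 200 5120',
    '198.51.100.2 - - [10/Aug/2009:10:16:30 +0000] "GET /wp-admin/edit.php HTTP/1.1" 200 8000',
    '192.0.2.9 - - [10/Aug/2009:10:17:00 +0000] "GET /wp-content/uploads/export.php HTTP/1.1" 404 300',
]

if __name__ == "__main__":
    result = triage(SAMPLE_VERSION_PHP, SAMPLE_LOG)
    print(f"WordPress {result['version']} older than {FIXED_VERSION}: {result['affected']}")
    for ip, method, page, status in result["direct_requests"]:
        print(f"  {ip} {method} {page} -> {status}")
```

On a real host, pass the contents of wp-includes/version.php and the web server's access log to `triage()`; a hit in `direct_requests` from a client whose session should not hold the relevant capability, combined with an affected version, is the condition under which the advisory recommends blocking access and reviewing for damage. The last two sample lines show why the path is matched on the `wp-admin/<page>` tail rather than on the file name alone: edit.php is not one of the listed pages, and an export.php outside wp-admin is not the page in question.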