Thursday, February 22, 2024

Critical security breach in popular WordPress plugin impacts over 200,000 installations

In a recent revelation by Wordfence, a critical security flaw has been discovered in the MW WP Form plugin, affecting versions up to 5.0.1. This vulnerability allows unauthorised individuals to upload arbitrary files, including potentially harmful PHP backdoors. These files can be executed on the server, presenting a significant security risk.

Understanding the MW WP Form plugin

The MW WP Form plugin is famous for creating forms on WordPress websites. It uses a shortcode builder, making it straightforward for users to and customise forms with various fields and options. A key feature of this plugin is its file upload capability, facilitated by the [mwform_file name= “file”] shortcode. Unfortunately, this feature has become the focal point of the vulnerability.

The nature of the vulnerability

Termed as an Unauthenticated Arbitrary File Upload Vulnerability, this security flaw allows hackers to upload dangerous files to a without needing registration or authorisation. Such vulnerabilities can escalate to remote code execution, where the uploaded files are executed on the server, potentially allowing attackers to compromise the website and endanger visitors.

The advisory from Wordfence pointed out a defect in the plugin's file type check mechanism. While it can detect unsafe file types, a runtime exception allows these files to be uploaded regardless. This oversight enables attackers to upload and activate arbitrary PHP files on the server.

Conditions for a successful attack

This vulnerability poses a significant risk, particularly if the “Saving inquiry data in database” option in the plugin settings is enabled. It has been rated as critically severe, scoring 9.8 out of 10.

Wordfence strongly recommends users of the MW WP Form plugin update to the latest version, 5.0.2, where this issue has been addressed. This advice is especially pertinent for users who have activated the “Saving inquiry data in database” option, as the vulnerability does not require any special permissions to be exploited.

Users should refer to the full Wordfence advisory for comprehensive details and guidance.

Tech Edition has partnerships that involve sponsored content. While this financial support helps us with daily operations, it doesn't affect the integrity of our reviews. We remain committed to delivering honest and insightful content to our readers.

Tech Edition is now on Telegram! Join our channel here and catch all the latest tech news!

Nurin Sofia
Nurin Sofia
Nurin Sofia is a news editor at Tech Edition. Her interest is in technology and startups, occasionally crunching news for gaming. Sofia enjoys playing video games, going on bike rides, and gardening when she isn't behind a keyboard.

Featured Article

Samsung Galaxy S24 Ultra: A technological marvel redefined

Discover the Samsung Galaxy S24 Ultra: A powerhouse of innovation with a Snapdragon 8 Gen 3 processor, 6.8-inch Dynamic AMOLED display, and a 200MP camera setup. Experience next-level photography, performance, and AI features.

Read more

- Advertisement -

Related Stories