Free and open-source vulnerability scanner

Mageni eases the vulnerability scanning, assessment, and management process for you. It is free and open-source.


WordPress Ad Inserter Plugin < 2.4.22 Remote Code Execution Vulnerability

Information

Severity: Critical
Family: Web application abuses
CVSSv2 Base: 9.0
CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Solution Type: Vendor Patch
Created: 4 years ago
Modified: 4 years ago

Summary

The WordPress plugin Ad Inserter is prone to an authenticated remote code execution vulnerability.

Insight

The vulnerability stems from the use of check_admin_referer() for authorization, when that function was designed specifically to protect WordPress sites against cross-site request forgery (CSRF) using nonces: one-time tokens that block expired and repeated requests. An authenticated attacker who obtains a nonce can bypass the authorization checks built on check_admin_referer() and reach the debug mode provided by the Ad Inserter plugin. With a nonce in hand, the attacker can immediately trigger the debugging feature and, more dangerously, abuse the ad preview feature by sending a payload containing arbitrary PHP code.
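The root cause above is a handler that treats a passing nonce check as proof of authorization. The following added example (illustrative code written for this entry, not the Ad Inserter plugin's source) contrasts that weak pattern with one that keeps the nonce for CSRF protection but decides authorization with a capability check; the action name 'myplugin_preview', the nonce action 'myplugin_nonce', and the 'code' field are hypothetical.

```php
<?php
// Added illustration; names and the 'manage_options' requirement are assumptions.

// Weak pattern: check_admin_referer() only proves the request carries a valid
// nonce for this action. It is a CSRF defence and says nothing about who the
// requester is or what they may do, so any logged-in user who obtains a nonce
// passes this check. Handing the posted field to eval() here would be an
// authenticated remote code execution bug of the kind described above.
function myplugin_preview_weak() {
    check_admin_referer( 'myplugin_nonce' );
    $code = wp_unslash( $_POST['code'] ?? '' );
    // ... evaluating $code here is the defect; do not do this ...
    wp_die();
}

// Hardened pattern: keep the nonce for CSRF, gate the privileged feature on a
// capability, and treat the submitted text as data that is rendered escaped,
// never as PHP to execute.
function myplugin_preview_hardened() {
    check_admin_referer( 'myplugin_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        // Authorization decision made here, independently of the nonce.
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }
    $code = sanitize_textarea_field( wp_unslash( $_POST['code'] ?? '' ) );
    echo '<pre>' . esc_html( $code ) . '</pre>';
    wp_die();
}

// Register only the hardened handler for the (hypothetical) admin-ajax action.
add_action( 'wp_ajax_myplugin_preview', 'myplugin_preview_hardened' );
```

When reviewing a plugin for this bug class, look for every admin-ajax or admin-post handler whose only guard is check_admin_referer() or check_ajax_referer() and confirm that a current_user_can() check sits beside it.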

Affected Software

WordPress Ad Inserter plugin before version 2.4.22.

Solution

Update to version 2.4.22 or later.