Security researchers have discovered two critical vulnerabilities in the PageLines and Platform themes in WordPress.
The vulnerabilities could allow an attacker to gain admin privileges to your websites.
The researchers also discovered that there is another security bug in Platform. This bug allows an attacker to remotely execute code. This could lead to attackers gaining full privilege on your website.
Attackers can gain elevated rights through the WordPress Ajax hook.
Both themes rely on a WordPress Ajax hook to make option changes. When a user logs into the website, the hook allows them to overwrite the settings in the WordPress options database table. So, an attacker could gain admins rights by changing the “default_role” value to admin. The vulnerability affects all versions of the two themes except PageLines 1.4.6 and Platform 1.4.4.
Remote code execution glitch in Platform.
A less common method for importing backups of the Platform theme settings caused the remote execution security issue affecting Platform.
“the theme inserts the backup file into the theme’s execution context using a call to the include() PHP function. As this may not necessarily be a vulnerability by itself (we don’t know yet if we can actually trigger this piece of code as an unauthenticated user), we decided to backtrace the issue, finding that the function using this code was called from another function called pagelines_register_settings().”
Marc-Alexandre Montpas – Sucuri
An attacker could create code that would grant admin privileges, as the function is hooked to admin_init. Cybercriminals haven’t exploited any of the glitches, yet. If you think that you mat be affected, then the next action you must take is to get your themes up to date.
Call a Reconnix consultant on 08454210444 or email us: info@reconnix.com to see how we can help.
Contact Us