fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Loginizer WordPress Vulnerability Affects +1 Million Sites

Loginizer WordPress Vulnerability Affects +1 Million Sites

Popular WordPress security plugin Loginizer patched two security issues, including a SQL Injection.

WordPress Loginizer Plugin has issued a security patch for a vulnerability that could allow a hacker to modify a database through an Unauthenticated SQL Injection exploit.

This kind of exploit, also known as a Blind SQL Injection, relies on entering data into an input in order to trigger an error response. In this case the input is a username.

The Loginizer WordPress plugin didn’t have a way to sanitize the input, which means it didn’t have a way to compensate for an erroneous input. This caused the plugin to create an error situation.

According to the WPScan description of the Loginizer exploit

“The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. When a user attempts to login with an unknown username, the attempt is logged in the backend database, where the username, as well as other parameters, are not properly validated before being placed within the SQL query.”

The security researcher who discovered the vulnerability published a walkthrough of the Loginizer exploit, showing how an error response can be used to reach areas of the plugin that relate to it’s functionality. It is there that the hacker can see vulnerable to a SQL injection.

The researcher described it like this:

…via function definition we see how raw $username reaches the plugin functionality… Also in this function there are calls towards DB with not sanitized DB parameters… and we see the places that are vulnerable of SQLi based on user login data.”

The walkthrough continues with the proof of concept and concludes:

…And that is it, more than easy and detailed about SQLi + XSS via $username.”

Also Read: MAS Technology Risk Management Guidelines

Stored XSS Vulnerability

The problem with Loginizer isn’t limited to the SQL injection vulnerability. This isn’t just one issue, it’s two issues.

The second exploit is called a Stored Cross Site Scripting (Stored XSS) vulnerability. This is a particularly bad version of an XSS vulnerability.

With this kind of exploit a hacker can typically directly inject malicious files and then exploit the WordPress site and/or users. In general, a malicious file can be served to site visitors browser.

Loginizer Changelog

A changelog is a log of all the changes that a software developer makes to a software. When you update a plugin, WordPress gives you the opportunity to click and see a description of what those changes are. Those descriptions are from the changelog. All WordPress plugin developers have a running changelog in the WordPress plugin repository and also often on their website.

According to the official Loginizer changelog, this issue affects versions prior to the latest, which is Loginizer version 1.6.4.

The Loginizer plugin changelog describes the two patches like this:

[Security Fix] : A properly crafted username used to login could lead to SQL injection. This has been fixed by using the prepare function in PHP which prepares the SQL query for safe execution.

[Security Fix] : If the IP HTTP header was modified to have a null byte it could lead to stored XSS. This has been fixed by properly sanitizing the IP HTTP header before using the same.”

Loginizer should be commended for be forthright about describing the issue in their changelog.

Screenshot of Loginizer Plugin Changelog

Screenshot of official Loginizer WordPress plugin changelog

Some plugin publishers try to hide that an update is a security fix by using technical jargon and not mentioning that there is a security fix.

Being honest about what the update is about, the way Loginizer does, is a sign of a good plugin developer.

Also Read: How PII Data Works In Businesses And Its Advantages

WordPress Auto Update

WordPress triggered a forced auto update. Most sites running this plugin, up to 89%, should have had their plugin successfully updated.

It is highly recommended that all WordPress publishers who use the Loginizer security plugin to check which version of the plugin they are using and to udpate it immediately if it has not already done so.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us