WordPress Plugin With 5 Million Installs Has A Critical Vulnerability

The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch.

The vulnerable plugin, Contact Form 7, has over 5 million active installs, making this urgent upgrade a necessity for WordPress site owners.

Unrestricted file upload

This week, the Contact Form 7 project disclosed an unrestricted file upload vulnerability (CVE pending) in the WordPress plugin that allows an attacker to bypass Contact Form 7’s filename sanitization protections when uploading files.

Using the plugin, an attacker can upload a crafted file containing arbitrary code to the vulnerable server.

By exploiting this severe vulnerability, the attacker can then have the uploaded file executed as a script, running the code within.

“Contact Form 7 5.3.2 has been released. This is an urgent security and maintenance release. We strongly encourage you to update to it immediately,” reads the project’s security advisory.

The vulnerability has been discovered and reported by Jinson Varghese Behanan, an information security analyst with Astra Security.

“The vulnerability was found while we were doing a security audit for a client,” said the analyst.

“Seeing the criticality of the vulnerability and the number of WordPress websites using this popular plugin, we quickly reported the vulnerability. The developer was even quicker in issuing a fix. Kudos to the Contact Form 7 team for leading by example,” Behanan told BleepingComputer.

Double-extension attacks possible

As observed by BleepingComputer, the issue occurs in the includes/formatting.php file which is part of the Contact Form 7 plugin code.

In the vulnerable versions, the plugin does not remove special characters from the uploaded filename, including control characters and separators.

This could potentially allow an attacker to upload a file whose name contains a double extension, separated by a non-printable or special character, such as a file called “abc.php    .jpg”.

The separator between the two extensions, in this example, is a tab (\t) character.

To the client-side interface of Contact Form 7, this may appear to be an image file (*.jpg).

When uploaded to the server, however, Contact Form 7 will likely parse the filename only up to the first extension and discard the second one because of the separator.

The resulting filename would therefore be “abc.php”, a PHP script, which the attacker can then request in order to execute arbitrary code on the server.

The fix made by the project, shown below, contains a regex-based validation to catch cases like this:

[Figure: Fix made for Contact Form 7 unrestricted file upload vulnerability. Source: GitHub]
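As an added illustration (not the plugin’s own PHP code and not the regex from the project’s commit), the Python below models the weak parse-to-first-extension behaviour described above beside a hardened sanitizer that strips control characters and separators before deciding on the extension, plus a small detector for the hidden double-extension pattern. The script-extension and allowed-extension sets are assumptions, and every sample filename is constructed.

```python
import re

# Constructed sample filenames, including the "abc.php<TAB>.jpg" shape the article describes.
SAMPLE_NAMES = [
    "abc.php\t.jpg",        # tab between the two extensions
    "photo.jpg",            # benign
    "shell.php\x00.png",    # NUL byte as separator
    "report.phtml .gif",    # plain space as separator
    "notes.tar.gz",         # benign multi-extension, but last extension not allowed
]

# Assumed policy: which final extensions an upload form may accept.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def has_hidden_double_extension(name: str) -> bool:
    """Detection: an extension followed by control/whitespace characters and another dot."""
    return re.search(r"\.[A-Za-z0-9]+[\x00-\x1f\x7f\s]+\.", name) is not None


def scan_uploads(names):
    """Return the filenames in a batch (e.g. from upload logs) that match the pattern."""
    return [n for n in names if has_hidden_double_extension(n)]


def naive_sanitize(name: str) -> str:
    """Models the weak behaviour: keep everything up to the first separator, drop the rest.
    This is why "abc.php<TAB>.jpg" collapses to the executable "abc.php"."""
    m = re.match(r"^([^\s\x00-\x1f\x7f]+)", name)
    return m.group(1) if m else name


def hardened_sanitize(name: str):
    """Strip control characters and separators first, so nothing hides a second extension,
    then fold every inner extension into the base name and allowlist the final one.
    Returns the safe filename, or None if the upload should be rejected."""
    name = re.sub(r"[\x00-\x1f\x7f]", "", name)      # control characters, including \t and NUL
    name = re.sub(r'[\s/\\:*?"<>|]', "", name)        # whitespace and path/shell metacharacters
    name = re.sub(r"\.+", ".", name).strip(".")       # collapse repeated or leading/trailing dots
    parts = name.split(".")
    base, exts = parts[0], parts[1:]
    if not base or not exts or exts[-1].lower() not in ALLOWED_EXTS:
        return None
    base = "_".join([base] + exts[:-1])               # "abc.php.jpg" -> "abc_php.jpg"
    return f"{base}.{exts[-1]}"


if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(repr(n), "->", naive_sanitize(n), "|", hardened_sanitize(n))
```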

This is not the first instance of a serious double-extension vulnerability lurking in blogging and CMS platforms.

Last month, Drupal sites were found to have a double extension file upload vulnerability.

In April this year, a NodeJS module could be exploited to achieve remote code execution via file uploads.

The patched version 5.3.2 of the plugin can be downloaded from WordPress. Users of Contact Form 7 are advised to apply this urgent update immediately.
