WordPress - Cross-Site Request Forgery (CSRF) vulnerability

  • CERT Admin
  • Mon Mar 18 2019
  • Alerts

Systems Affected 

WordPress versions prior to 5.1.1

Threat Level

High

Overview 

A cross-site request forgery (CSRF) flaw in WordPress comment handling allows an unauthenticated remote attacker to obtain remote code execution on an affected site, provided a logged-in administrator can be lured to an attacker-controlled web page.

Description 

The CSRF issue resides in the WordPress comment section, a core component of the content management system that is enabled by default, and affects all WordPress installations prior to version 5.1.1. By chaining it with the issues listed below, an unauthenticated remote attacker can achieve remote code execution and ultimately full takeover of the site.

Issues identified within WordPress
  ✦  WordPress does not perform CSRF validation when a user posts a new comment, allowing an attacker to post comments on behalf of a logged-in administrator who visits a malicious page.
  ✦  Comments posted by administrator accounts are not sanitized and can contain arbitrary HTML, including SCRIPT tags, so a forged comment becomes stored cross-site scripting (XSS).
  ✦  The WordPress frontend does not send the X-Frame-Options header, so site pages can be loaded inside a frame on an attacker's page.
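The following must-use plugin is an added hardening example written for this advisory; it is not WordPress core code and not the patch shipped in 5.1.1. It addresses the three issues above from the plugin side: a nonce on comment submissions from logged-in users, unconditional kses filtering of comment HTML, and X-Frame-Options on front-end responses. The constant names, the nonce action and field names, and the plugin header are assumptions chosen for the example; every hook and function called is a standard WordPress API.

```php
<?php
/**
 * Plugin Name: Comment CSRF hardening (added example)
 * Description: Example only, not WordPress core: require a nonce on comment
 *              submissions from logged-in users, always run comment content
 *              through kses, and send X-Frame-Options on the front end.
 *              Place this file in wp-content/mu-plugins/ to load it.
 */

// Hypothetical nonce action and field names chosen for this example.
const EXAMPLE_COMMENT_NONCE_ACTION = 'example_post_comment';
const EXAMPLE_COMMENT_NONCE_FIELD  = 'example_comment_nonce';

// 1. Emit a nonce field inside the front-end comment form. The 'comment_form'
//    action fires inside the <form> after the submit button. Only logged-in
//    users get a nonce: they are the CSRF targets, and a per-visitor field on
//    anonymous forms would break full-page caching.
add_action( 'comment_form', function ( $post_id ) {
    if ( is_user_logged_in() ) {
        wp_nonce_field(
            EXAMPLE_COMMENT_NONCE_ACTION . '_' . (int) $post_id,
            EXAMPLE_COMMENT_NONCE_FIELD
        );
    }
} );

// 2. Reject logged-in submissions that lack a valid nonce. The
//    'pre_comment_on_post' action runs in wp_handle_comment_submission()
//    before the comment is stored, so a forged cross-site POST never lands.
add_action( 'pre_comment_on_post', function ( $comment_post_id ) {
    if ( ! is_user_logged_in() ) {
        return;
    }
    $nonce = isset( $_POST[ EXAMPLE_COMMENT_NONCE_FIELD ] )
        ? sanitize_text_field( wp_unslash( $_POST[ EXAMPLE_COMMENT_NONCE_FIELD ] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, EXAMPLE_COMMENT_NONCE_ACTION . '_' . (int) $comment_post_id ) ) {
        wp_die(
            __( 'Comment rejected: missing or invalid request token.' ),
            __( 'Comment Submission Failure' ),
            array( 'response' => 403, 'back_link' => true )
        );
    }
} );

// 3. Sanitize comment HTML for everyone, including users who hold the
//    'unfiltered_html' capability. Core hooks wp_filter_kses on
//    'pre_comment_content' only for users without that capability; hooking it
//    unconditionally strips SCRIPT tags and event handlers from every comment.
//    wp_filter_kses expects the slashed input this filter receives, and
//    running it twice for ordinary commenters is harmless.
add_filter( 'pre_comment_content', 'wp_filter_kses', 10 );

// 4. Send X-Frame-Options: SAMEORIGIN on front-end responses. Core already
//    calls send_frame_options_headers() for wp-admin; hooking it on
//    'send_headers' extends the header to the public site so pages cannot be
//    framed by an attacker's origin.
add_action( 'send_headers', 'send_frame_options_headers' );
```

Two caveats for deployment: nonces are bound to the logged-in user's session token, so a cached copy of a page rendered for one administrator would carry a stale nonce for another; keep comment pages uncached for logged-in users, as most caching plugins do by default. Also, X-Frame-Options only controls framing; it does not stop a top-level navigation or form post from a malicious page, which is why the nonce check is the part that actually closes the CSRF.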

Impact 

  ✦  Successful exploitation results in remote code execution and full takeover of the affected website.

Solution/ Workarounds 

  ✻  Update WordPress to version 5.1.1 or later.

References 

https://www.csa.gov.sg/singcert/news/advisories-alerts/alert-on-cross-site-request-forgery-csrf-to-remote-code-execution-exploitation-in-wordpres
https://thehackernews.com/2019/03/hack-wordpress-websites.html

Disclaimer 

The information provided herein is on an "as is" basis, without warranty of any kind.

Last updated: Mon Mar 18 2019