Exploitation of this vulnerability has been spotted in the wild by WordPress website owners. The initial attack was first reported on October 13. The attackers used a vulnerability in the plugin to gain administrative privileges on the affected websites.
Vulnerability details
Advisory: SB2018111101 - Privilege escalation in GDPR Compliance plugin for WordPress
Vulnerable component: WP GDPR Compliance
CVE-ID: CVE-2018-19207
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Description:
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists because the software fails to perform capability checks when executing its internal save_setting action, so arbitrary options and values passed to this endpoint are written as configuration changes. A remote attacker can set the users_can_register option to 1 and change the default_role of new users to "administrator", then simply fill out the form at /wp-login.php?action=register and immediately obtain a privileged account, change these options back to normal, and install a malicious plugin or theme containing a web shell or other malware to further infect the victim site.
Note: this vulnerability is being actively exploited in the wild.
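As an added illustration (not the plugin's own code, which this advisory does not reproduce), a hypothetical WordPress AJAX settings handler showing the flaw class described above beside a hardened version that adds the nonce check, capability check and option allowlist it lacks; the hook and option names are assumed.

```php
<?php
// Added illustration, not the plugin's code: hypothetical handler names and options.

// VULNERABLE PATTERN: whoever can reach admin-ajax.php may write any option.
function demo_gdpr_save_setting_vulnerable() {
    $option = $_POST['option'];        // attacker-controlled, e.g. "users_can_register"
    $value  = $_POST['value'];         // attacker-controlled, e.g. "1"
    update_option( $option, $value );  // no nonce, no current_user_can(), no allowlist
    wp_send_json_success();
}
// The nopriv hook exposes the handler to unauthenticated requests (matches PR:N above).
add_action( 'wp_ajax_demo_gdpr_save_setting_vuln',        'demo_gdpr_save_setting_vulnerable' );
add_action( 'wp_ajax_nopriv_demo_gdpr_save_setting_vuln', 'demo_gdpr_save_setting_vulnerable' );

// HARDENED PATTERN: nonce, capability check, and an allowlist of plugin-owned options.
function demo_gdpr_save_setting_hardened() {
    // 1. CSRF protection: the nonce must have been issued to this user for this action.
    check_ajax_referer( 'demo_gdpr_settings', 'nonce' );

    // 2. Capability check: only users who may manage options can change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Allowlist: core options such as users_can_register and default_role are
    //    never writable through this endpoint, whatever the request contains.
    $allowed = array( 'demo_gdpr_enable_banner', 'demo_gdpr_privacy_page' );
    $option  = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! in_array( $option, $allowed, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( $option, $value );
    wp_send_json_success();
}
// Authenticated hook only: a settings writer gets no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_demo_gdpr_save_setting', 'demo_gdpr_save_setting_hardened' );
```

On a site already running the affected plugin, the two options named above (users_can_register and default_role) are the first values to review, along with any recently created administrator accounts, plugins and themes.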