{"id":5915,"date":"2015-05-05T06:15:25","date_gmt":"2015-05-05T06:15:25","guid":{"rendered":"http:\/\/www.esds.co.in\/blog\/?p=5915"},"modified":"2020-01-08T07:42:06","modified_gmt":"2020-01-08T07:42:06","slug":"wordpress-a-new-critical-flaw-is-housed-in-the-comments","status":"publish","type":"post","link":"https:\/\/www.esds.co.in\/blog\/wordpress-a-new-critical-flaw-is-housed-in-the-comments\/","title":{"rendered":"WordPress: a New Critical Flaw is Housed in the Comments"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-5916 aligncenter\" src=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2015\/05\/cover-disqus.png\" alt=\"cover-disqus\" width=\"607\" height=\"334\" srcset=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2015\/05\/cover-disqus.png 607w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2015\/05\/cover-disqus-300x165.png 300w\" sizes=\"auto, (max-width: 607px) 100vw, 607px\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"_Introduction\"><\/span>\u00a0Introduction:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li style=\"text-align: justify;\">A cross-site scripting attack on a WordPress site exposes it to takeover by an attacker, and this is just the latest in a long line of faults. The security policy of WordPress is being criticized by many.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Concerned_Issue\"><\/span>Concerned Issue:<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>\n<h3><span class=\"ez-toc-section\" id=\"Version_updated_on_28_April_with_the_release_of_patch_421\"><\/span><strong>Version updated on 28 April with the release of patch 4.2.1<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">A new critical flaw affects WordPress, the most popular CMS (or, put simply, the most famous website builder tool), used by 23% of websites worldwide. Most of the faults affecting this platform are due to third-party plugins, and it is sufficient to disable the affected plugin pending a fix. The vulnerability in question, discovered by Finnish security expert Jouko Pynnonen, touches the heart of the platform itself, in version 4.2 and all previous versions.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Mechanism_of_Attack\"><\/span>Mechanism of Attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li style=\"text-align: justify;\">The attack is based on a cross-site scripting (XSS) vulnerability that results from the way MySQL truncates data. It allows JavaScript to be injected into a WordPress comment (of at least 66,000 characters). When this malicious comment is approved by a logged-in administrator, the attack unfolds on the server side (via the plugin and theme editors), allowing code to be injected at the heart of the WordPress site. The attacker can then create a new administrator account, change passwords or publish unapproved content. The vulnerability does not affect the readers of a WordPress site.<\/li>\n<li style=\"text-align: justify;\">Admittedly, this mechanism requires the comment to be approved by an administrator if WordPress has kept its default settings. But with some platform settings, the attacker can first post an innocent comment that an administrator approves; this opens the door, because the next comment from the same author will not have to be validated.<\/li>\n<li style=\"text-align: justify;\">In his blog post, Jouko Pynnonen advises that, pending a fix, the simplest mitigation is to turn off comments. The WordPress project has released an emergency update, 4.2.1, that closes the vulnerability, and recommends rapidly upgrading to the latest patch.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"14_Months_to_Fix_a_Bug%E2%80%A6\"><\/span>14 Months to Fix a Bug\u2026<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li style=\"text-align: justify;\">A few days earlier, WordPress had corrected another comment-related bug, discovered in February 2014 by researcher Cedric Van Bockhaven. That vulnerability also exploited the way MySQL truncates data, this time after special characters. The patch for this flaw, which allowed code execution on the server, arrived in WordPress 4.2.1, introduced on 21 April 2015.<\/li>\n<li style=\"text-align: justify;\">It is precisely these 14 months between the discovery of the flaw and the release of the patch that prompted Jouko Pynnonen to publicly unveil the new vulnerability (following a full disclosure policy), unlike Cedric Van Bockhaven, who detailed the mechanism of his attack only after the patch was available.<\/li>\n<li style=\"text-align: justify;\">During this period, all WordPress servers using the default settings for the comment system were easily hackable, says the Finnish researcher. In his view, the risk to WordPress users is lower, and a fix arrives faster, under a policy of full disclosure. The facts seem to prove him right, since this time WordPress was quick to respond, probably helped by the similarity of the attack mechanisms used by Cedric Van Bockhaven and Jouko Pynnonen.<\/li>\n<li style=\"text-align: justify;\">However, the Finn\u2019s revelation about the XSS caught the platform\u2019s developers off guard before any newer version had been published. Jouko Pynnonen says he had already reported another vulnerability to the WordPress developers last November, but its hotfix is still not available. According to the researcher, the WordPress team has offered no explanation of why the bug is still not fixed. He adds that all versions of WordPress are affected by this third flaw as well.<\/li>\n<\/ul>\n<h4><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>It is advisable to turn off comments until a bug-free version of WordPress is officially available. You can also consider our <a href=\"https:\/\/esds.co.in\/security\/vtmscan\"><span style=\"text-decoration: underline;\"><strong>ESDS VTMScan<\/strong> <strong>vulnerability web scanner<\/strong><\/span><\/a> to test your WordPress website.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0Introduction: A cross-site scripting attack on a WordPress site exposes it to takeover by an attacker, and this is just the latest in a long line of faults. The security policy of WordPress is being criticized by many. 
Concerned Issue: Version updated on 28 April with the release of patch 4.2.1 A new critical flaw affects WordPress, the&#8230; <\/p>\n<div class=\"clear\"><\/div>\n<p><a href=\"https:\/\/www.esds.co.in\/blog\/wordpress-a-new-critical-flaw-is-housed-in-the-comments\/\" class=\"gdlr-button small excerpt-read-more\">Read More<\/a><\/p>\n","protected":false},"author":24,"featured_media":5916,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1271],"tags":[1293,1292],"class_list":["post-5915","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-2","tag-wordpress-vulnerability-exploit","tag-wordpress-vulnerability-fix"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/5915","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/comments?post=5915"}],"version-history":[{"count":18,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/5915\/revisions"}],"predecessor-version":[{"id":11192,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/5915\/revisions\/11192"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media\/5916"}],"wp:attachment":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media?parent=5915"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-js
on\/wp\/v2\/categories?post=5915"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/tags?post=5915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}