The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.

CVE-2022-4699

The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

CVE-2022-4680

The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2022-4671

The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2022-4667

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

CVE-2022-4654

The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

CVE-2022-4651

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

CVE-2022-4649

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack.

CVE-2023-0581: PrivateContent – Changelog | LCweb

Categories: News
Tags: wordpress

Tags:  learnpress

Tags:  vulnerability

Tags:  SQL

Tags:  injection

Tags:  update

Tags:  fix

Tags:  plugin

Tags:  patch

We take a look at reports of a WordPress plugin issue. It's been fixed, but you may need to update!



(Read more...)




The post Update your LearnPress plugins now! appeared first on Malwarebytes Labs.

It’s time for a reminder to ensure all of your WordPress plugins are fully up to date (or removed, if you don't need them). Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn't doing particularly well, with a big slice of site owners still to update.

If you own or operate a website there is a very good chance it uses WordPress. More than 40 precent of websites use a version of it, and it's used on more websites that all other website Content Management Systems (CMS) combined. One of the reasons it's so popular is that it can be easily extended by adding plugins, of which there are tens of thousands.

Provided it is kept up to date and protected by two-factor authentication, WordPress itself is quite secure. Because of that, in recent years threat actors have focussed on exploiting it via vulnerabilities in plugins rather than attacking it directly.

LearnPress is a WordPress plugin used for creating and selling courses online, with extra paid options available for additional features. This is something which would no doubt have been popular over the pandemic, and indeed up to the present day, as companies continue to lean heavily on online and remote services only.

A ripe target, then, for exploitation and targeted attacks.

Somewhere in the region of 100,000 sites make use of the LearnPress plugin, all of which will need to upgrade to LearnPress 4.2.0 if they haven't already.

The vulnerabilities are:

*   CVE-2022-47615, an unauthenticated Local File Inclusion vulnerability that allows remote viewing of local files on a web server, which could lead to API keys, credentials, and other secrets being exposed.
*   CVE-2022-45808 and CVE-2022-45820, a pair of SQL injection vulnerabilities that could result in data modification, code execution, and more.

Patchstack discovered the three issues between the November 30, 2022 and December 4, 2022, with initial outreach on the same day as the first discovery, and subsequent details passed on over the following days. The issues were patched on December 20.

This is a fairly speedy turnaround compared to some of the other timeline notifications we’ve seen for plugins. Indeed, it’s not uncommon to not hear back from a developer at all and discover the plugin has been abandoned. (If you ever find yourself dealing with an abandoned plugin, you’ll need to untangle your site from it, which can cause additional complications and headaches for the site admin.)

Just to reiterate, upgrading your LearnPress install to version 4.2.0 is the way to lock these particular vulnerabilities down. With this done, you shouldn’t have any more concerns.

As for your plugins generally, this may be the perfect time to have a quick spring clean of your site and see which plugins you need and which ones you don’t:

*   **Update existing plugins**. If you use WordPress you can check if you have any plugins that need updating by logging in to your site and going to **Dashboard** > **Updates.** (The **Themes** and **Plugins** menu items will also have red circles next to them if any need updating.) Update everything.
*   **Turn on automatic updates for plugins**. By default, WordPress does not update plugins automatically. You can enable this on a per-plugin basis by going to the **Plugins** screen and clicking **Enable auto-updates** next to each plugin.
*   **Remove unsupported plugins**. Go to the **Plugins** screen and click **View details** for each plugin. This screen shows you the last version of WordPress the plugin was tested with, and when it was last updated. It will also display an alert if it thinks the plugin is no longer supported.
*   Remove unnecessary plugins. Check out how many plugins and themes you have installed on your site. Do you need them all? Can any of them be removed or replaced? Generally, fewer is better.

If you can’t make enough time available to keep on top of theme and plugins, don't let not doing it become an option: Pay somebody to do it for you.

Stay safe out there!

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Update your LearnPress plugins now!

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.

Tag

#wordpress