{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2020-005.pdf"
    },
    "title": "UPDATE: Critical Vulnerabilities in WordPress Plugins",
    "serial_number": "2020-005",
    "publish_date": "15-01-2020 14:04:00",
    "description": "Critical vulnerabilities affecting two WordPress plugins have been identified. The vulnerabilities affect the InfiniteWP Client and WP Time Capsule plugins and allow a remote attacker to log in to an administrator account without a password. Vulnerabilities in WP Database Reset allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state.",
    "url_title": "2020-005",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in\u00a0WordPress\u00a0Plugins'\nversion: '1.1'\nnumber: '2020-005'\ndate: 'January 21, 2020'\n---\n\n_History:_\n\n* _15/01/2020 --- v1.0 -- Initial publication_\n* _21/01/2020 --- v1.1 -- Information on vulnerabilities found in another plugin added_\n\n# Summary\n\nCritical vulnerabilities affecting two WordPress plugins have been identified [1, 4]. The vulnerabilities affect the **InfiniteWP Client** and **WP Time Capsule** plugins and allow a remote attacker to log in to an administrator account without a password. Vulnerabilities in **WP Database Reset** allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state.\n\n# Technical Details\n\nThe vulnerabilities in InfiniteWP Client and WP Time Capsule exist because of logic issues in both affected plugins. The plugins were missing authorization checks when handling a specially crafted POST request [2]. An attacker who could craft such POST requests would be logged in as an administrator without needing a password.\n\nThe database reset functions in the WP Database Reset plugin were not securely protected with capability checks or security nonces. Without proper security controls in place, the plugin contained a serious flaw that allowed any unauthenticated user to reset any table in the database. This reset would result in a complete loss of data availability.\n\nAccording to [3], InfiniteWP Client, WP Time Capsule, and WP Database Reset have 300k, 20k, and 80k installations, respectively.\n\n# Affected Products\n\nList of all affected products:\n\n* InfiniteWP Client prior to version 1.9.4.5\n* WP Time Capsule prior to version 1.21.16\n* WP Database Reset prior to version 3.15\n\n# Recommendations\n\nIt is recommended to update these plugins to the latest version as soon as possible.\n\n# References\n\n[1] <https://www.theregister.co.uk/2020/01/15/update_wordpress_plugins/>\n\n[2] <https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/>\n\n[3] <https://wordpress.org/plugins/browse/popular/>\n\n[4] <https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>15/01/2020 --- v1.0 -- Initial publication</em></li><li><em>21/01/2020 --- v1.1 -- Information on vulnerabilities found in another plugin added</em></li></ul><h2 id=\"summary\">Summary</h2><p>Critical vulnerabilities affecting two WordPress plugins have been identified [1, 4]. The vulnerabilities affect the <strong>InfiniteWP Client</strong> and <strong>WP Time Capsule</strong> plugins and allow a remote attacker to log in to an administrator account without a password. Vulnerabilities in <strong>WP Database Reset</strong> allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerabilities in InfiniteWP Client and WP Time Capsule exist because of logic issues in both affected plugins. The plugins were missing authorization checks when handling a specially crafted POST request [2]. An attacker who could craft such POST requests would be logged in as an administrator without needing a password.</p><p>The database reset functions in the WP Database Reset plugin were not securely protected with capability checks or security nonces. Without proper security controls in place, the plugin contained a serious flaw that allowed any unauthenticated user to reset any table in the database. This reset would result in a complete loss of data availability.</p><p>According to [3], InfiniteWP Client, WP Time Capsule, and WP Database Reset have 300k, 20k, and 80k installations, respectively.</p><h2 id=\"affected-products\">Affected Products</h2><p>List of all affected products:</p><ul><li>InfiniteWP Client prior to version 1.9.4.5</li><li>WP Time Capsule prior to version 1.21.16</li><li>WP Database Reset prior to version 3.15</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to update these plugins to the latest version as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.theregister.co.uk/2020/01/15/update_wordpress_plugins/\">https://www.theregister.co.uk/2020/01/15/update_wordpress_plugins/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/\">https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://wordpress.org/plugins/browse/popular/\">https://wordpress.org/plugins/browse/popular/</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/\">https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}