Bug in WordPress plugin allows unauthorized file upload
Posted on 02 July 2014.
WordPress users who also run the MailPoet plugin are urged to update it as soon as possible: every version except the latest is affected by a critical flaw that could allow attackers to remotely upload arbitrary files to a vulnerable website.

"This bug should be taken seriously," warns Sucuri CTO Daniel Cid, as "it gives a potential intruder the power to do anything he wants on his victim’s website."

The bug can be exploited to turn vulnerable websites into phishing lures, to send spam, to host malware, to infect other customers on the same shared server, and more.

"Because of the nature of the vulnerability, specifically its severity, we will not be disclosing additional technical details," said Cid, adding only that the problem lies "in the fact that the developers assumed that WordPress's “admin_init” hooks were only called when an administrator user visited a page inside /wp-admin/."
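The assumption Cid describes is a general WordPress pitfall, not something specific to one plugin: `admin_init` fires on every request that loads the admin bootstrap, including `wp-admin/admin-ajax.php` and `wp-admin/admin-post.php`, which are reachable without logging in. The hook therefore proves nothing about who is making the request. The following is an added example written for this article, not MailPoet's code; the `demo_` prefix, the `demo_file` field, the nonce action name and the `manage_options` capability are illustrative choices. It shows an upload handler that relies on the hook alone next to one that performs the authorization, CSRF and file-type checks a defender would expect.

```php
<?php
/**
 * Added example (hypothetical plugin, not MailPoet's code).
 *
 * admin_init runs for any request that passes through the admin bootstrap,
 * including admin-ajax.php and admin-post.php, so it is not an
 * authorization check. Access control has to be explicit.
 */

// Insecure pattern: treats the hook as if it implied an administrator.
function demo_insecure_upload_handler() {
    if ( empty( $_FILES['demo_file'] ) ) {
        return;
    }
    // No capability check, no nonce, no file-type validation: the handler
    // accepts whatever reaches it. This is the shape of bug described above.
    move_uploaded_file(
        $_FILES['demo_file']['tmp_name'],
        WP_CONTENT_DIR . '/uploads/' . $_FILES['demo_file']['name']
    );
}
// add_action( 'admin_init', 'demo_insecure_upload_handler' ); // do not use

// Hardened pattern: capability check, nonce, and WordPress's upload validation.
function demo_secure_upload_handler() {
    if ( empty( $_FILES['demo_file'] ) ) {
        return;
    }

    // 1. Authorization. Decide who may upload and check it every time;
    //    the hook name says nothing about the current user.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF protection. The submitting form must carry a nonce bound to
    //    this specific action (generated with wp_nonce_field()).
    check_admin_referer( 'demo_upload_action', 'demo_upload_nonce' );

    // 3. File validation. wp_handle_upload() checks the extension and MIME
    //    type and writes to a uniquely named path under the uploads dir;
    //    'mimes' narrows the allowed types to what this feature needs.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['demo_file'],
        array(
            'test_form' => false,
            'mimes'     => array( 'csv' => 'text/csv' ),
        )
    );

    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ) );
    }
    // $result['file'] now points at a validated file; record it as needed.
}
add_action( 'admin_init', 'demo_secure_upload_handler' );
```

The three checks are independent: the capability check answers "is this user allowed", the nonce answers "did this user intend the request", and `wp_handle_upload()` answers "is this file acceptable". Dropping any one of them, as the insecure version does, leaves the hook as the only gate, and the hook is not a gate at all.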

The bug was discovered a few weeks ago, and the MailPoet team has patched it in the latest version of the plugin (v2.6.7, released on Tuesday).

Users of the popular newsletter plugin are advised to update it immediately, but all WordPress users should keep in mind that regularly updating every plugin they use is good practice.

MailPoet has been downloaded by 1.7 million users.
