Wordpress found few vulnerabilities: Know how to fix them

Two vulnerabilities have been found in the WordPress plugin that was installed on over 1,00,000 websites. WordPress Download Manager, the plugin is used to change how download pages are displayed.

The Wordfence Threat Intelligence team found the vulnerabilities.

WordPress Download Manager has some protections in place to protect against directory traversal, they did not prove to be sufficient in this particular case, leading to a contributor with lower privileges being able to retrieve the contents of a site’s wp-config.php file by adding a new download and performing a directory traversal attack.

The contents of the wp-config.php were visible in the page’s source code upon previewing the download and as the contents of the file were echoed out onto the page source, a user with author-level access could also upload a file or multimedia containing malicious JavaScript and set the contents of the file to the path of the uploaded file which could result in Stores Cross-Site Scripting.

Earlier, the WordPress Download Manager team had patched a vulnerability that allowed users to upload files with php4 extensions as well as other potentially malicious files. But reports stated that this patch protected many configurations, it only checked the last file extension that made it possible for an attacker to carry out a “double extension” attack by uploading a file with multiple extensions like info.php.png.

Website owners who use WordPress are advised to update to the latest version immediately as the WordPress team and developers have released a patch.