Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

More than 1 Million WordPress websites are vulnerable to blind SQL Injection Attacks

A security bug in the WordPress plugin WP-Slimstat could be exploited by attackers to discover a “secret” key and use it to run blind SQL Injections. More than one million WordPress sites are potentially vulnerable to SQL injection attacks due to the presence of a critical flaw in the popular plugin WP-Slimstat. WP-Slimstat is an analytics plugin for […]

More than 1 Million WordPress websites are vulnerable to blind SQL Injection Attacks

A security bug in the WordPress plugin WP-Slimstat could be exploited by attackers to discover a “secret” key and use it to run blind SQL Injections.

More than one million WordPress sites are potentially vulnerable to SQL injection attacks due to the presence of a critical flaw in the popular plugin WP-Slimstat. WP-Slimstat is an analytics plugin for WordPress that count more than 1,300,000 downloads. The exploitation of the security flaw could allow an attacker to guess the value of the secret key the plugin uses to sign data sent to and from the user.

WP-Slimstat wordpress plugin 2

The security issue was discovered by Marc-Alexandre Montpas, a researcher with the firm Sucuri, during a routine audit.

All the WP-Slimstat versions prior to the latest release 3.9.6 are affected by the security issue. If an attacker is able to guess the secret key could run a series of blind SQL injection attacks and access data contained in the database of the WordPress instance, including user credentials, hashed passwords and WordPress Secret Keys.

“This bug can be used by any visitor browsing the vulnerable website. If your website uses a vulnerable version of the plugin, you’re at risk. Successful exploitation of this bug could lead to Blind SQL Injection attacks, which means an attacker could grab sensitive information from your database, including username, (hashed) passwords and, in certain configurations, WordPress Secret Keys (which could result in a total site takeover).” wrote in a blog post Marc-Alexandre Montpas.

The key was really a hashed version of the plugin’s installation timestamp. To guess the key, an attacker have to visit a website that caches information about when sites were put online, like the Internet Archive.

“An attacker could use sites like Internet Archive to approximately guess what year the site was put online (which would leave us with approx. 30 million values to test, something doable within 10 minutes with most modern CPUs).” states the post.”The only piece missing to be able to bruteforce the site’s timestamp is valid, signed, information coming from the plugin to compare our generated signatures with.”

In this specific case of Blind SQL attack, an attacker brute forces site timestamps until it gets the same combination of characters from the affected site’s homepage. Montpas urges the administrators of websites using the WP-Slimstat to update plugin as soon as possible.

“The security of our users’ data is our top priority, and for this reason we tightened our SQL queries and made out encryption key harder to guess,” explained the plugin’s author, Camu.

Pierluigi Paganini

(Security Affairs –  WordPress plugin, hacking)