Friday, March 14, 2025

WordPress Backup Plugin Vulnerability Affects 5+ Million Websites


A high-severity vulnerability was discovered and patched in the All-in-One WP Migration and Backup plugin, which has over 5 million installations. The vulnerability requires no user authentication, making it easier for an attacker to compromise a website, but that is mitigated by a limited attack method.

The vulnerability was assigned a severity rating of 7.5 (High), which is below the highest severity level, labeled Critical.

Unauthenticated PHP Object Injection

The vulnerability is called an unauthenticated PHP object injection. But it is less severe than a typical unauthenticated PHP object injection, where an attacker could exploit the vulnerability directly. This specific vulnerability requires that a user with administrator-level credentials export and restore a backup with the plugin in order to trigger the exploit.

This kind of vulnerability works because the WordPress plugin processes potentially malicious data during backup restoration without properly verifying it. But because the attack opportunity is narrow, exploiting it is less straightforward.

Nevertheless, if the right conditions are met, an attacker can delete files, access sensitive information, and run malicious code.

According to a report by Wordfence:

“The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the ‘replace_serialized_values’ function.

This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must export and restore a backup in order to trigger the exploit.”
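
An added example, not the plugin's code or Wordfence's: one way a restore routine can rewrite strings inside PHP-serialized backup values without instantiating objects from untrusted data. The function names, sample rows and domains are hypothetical, and PHP 8.0 or later is assumed.

```php
<?php
// Added example: hypothetical helpers, not the plugin's code.
// Replaces $old with $new inside a value that may be PHP-serialized,
// without ever instantiating a class named in the backup data.

function replace_in_value(mixed $value, string $old, string $new): mixed
{
    if (is_string($value)) {
        return str_replace($old, $new, $value);
    }
    if (is_array($value)) {
        $out = [];
        foreach ($value as $k => $v) {
            $out[$k] = replace_in_value($v, $old, $new);
        }
        return $out;
    }
    if (is_object($value)) {
        // With allowed_classes=false every serialized object arrives as
        // __PHP_Incomplete_Class; treat that as hostile input and stop.
        throw new UnexpectedValueException('serialized object in backup data');
    }
    return $value; // int, float, bool, null
}

function safe_replace_serialized(string $raw, string $old, string $new): string
{
    // allowed_classes=false: no class from the backup is instantiated, so no
    // __wakeup()/__destruct() of an installed plugin or theme can run.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if ($data === false && $raw !== serialize(false)) {
        // Not serialized data: plain string replacement.
        return str_replace($old, $new, $raw);
    }
    return serialize(replace_in_value($data, $old, $new));
}

// Constructed sample rows, as they might appear in a backup's options table.
$rows = [
    serialize(['home' => 'http://old.example/', 'n' => 3]),
    'plain http://old.example/ text',
    'O:8:"stdClass":0:{}', // an object where only arrays/scalars are expected
];
foreach ($rows as $row) {
    try {
        echo safe_replace_serialized($row, 'old.example', 'new.example'), "\n";
    } catch (UnexpectedValueException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Re-serializing after the replacement also keeps the string length prefixes correct, which a raw find-and-replace on the serialized text would break.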

The vulnerability affects versions up to and including 7.89. Users of the plugin are advised to update it to the latest version, which at the time of writing is 7.90.

Read the Wordfence vulnerability advisory:

All in One WP Migration <= 7.89 – Unauthenticated PHP Object Injection
