Multiple Vulnerabilities in WordPress Could Allow for Remote Code Execution

ITS Advisory Number: 2019-023
Date(s) Issued: Wednesday, February 20, 2019
Subject: Multiple Vulnerabilities in WordPress Could Allow for Remote Code Execution
Overview:

Multiple vulnerabilities have been discovered in WordPress, the most severe of which could allow a WordPress author to execute code remotely on the underlying server. WordPress is a web-based publishing application implemented in PHP. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution with privileges of the affected application.


THREAT INTELLIGENCE:

A Proof-of-Concept has been developed by the researchers who discovered this vulnerability to demonstrate the issues. 

Systems Affected:

* WordPress 5 versions prior to 5.0.1

* WordPress 4 versions prior to 4.9.9

RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: Medium
BUSINESS
Large and medium business entities: High
Small business entities: Medium
Home Users: Low
Description: 

Multiple vulnerabilities have been discovered in WordPress that could allow for remote code execution. The vulnerabilities exist because WordPress does not properly validate Post Meta entries submitted by users. This allows an attacker to supply directory traversal sequences in a filename in order to place a malicious file in the WordPress themes directory. The attacker can then create a malicious post that includes that file, resulting in remote code execution on the underlying host.

  • A remote code execution vulnerability due to improper input validation for _wp_attached_file Post Meta entries (CVE-2019-8942)

  • A path traversal vulnerability due to improper input validation in the wp_crop_image function (CVE-2019-8943) 

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution with privileges of the affected application.
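The description above says the root cause is an unvalidated `_wp_attached_file` Post Meta value that is later used as a filesystem path. The following is an added example, not code from the advisory or from WordPress: a small audit check an administrator could run over a `wp_postmeta` export (constructed sample rows below) to flag attachment paths that do not stay inside the uploads directory, which supports the "verify no unauthorized system modifications" step before patching. The uploads base path is an assumption for a typical install.

```python
"""Audit _wp_attached_file Post Meta values for directory traversal.

Added example (not part of the advisory). WordPress stores this value as a
path relative to the uploads directory; anything that escapes that directory
is a sign of the abuse described in CVE-2019-8942 / CVE-2019-8943.
"""
import posixpath

UPLOADS_BASE = "/var/www/html/wp-content/uploads"  # assumed install path

# Constructed sample rows shaped like (post_id, meta_key, meta_value).
SAMPLE_POSTMETA = [
    (101, "_wp_attached_file", "2019/02/photo.jpg"),
    (102, "_wp_attached_file", "2019/02/../../../themes/sometheme/evil.jpg"),
    (103, "_wp_attached_file", "/etc/passwd"),
    (104, "_thumbnail_id", "101"),
    (105, "_wp_attached_file", "2019/02/photo.jpg?../../x"),
]


def is_safe_attached_file(value: str, base: str = UPLOADS_BASE) -> bool:
    """Return True only if value is a relative path that resolves inside base.

    Rejects absolute paths, backslashes, empty or '.'/'..' segments and
    characters ('?', '#', NUL) that would make the value mean something
    different as a URL than as a filesystem path.
    """
    if not value or value.startswith("/") or "\\" in value:
        return False
    if any(ch in value for ch in "?#\0"):
        return False
    if any(seg in ("", ".", "..") for seg in value.split("/")):
        return False
    resolved = posixpath.normpath(posixpath.join(base, value))
    return resolved.startswith(base.rstrip("/") + "/")


def find_suspect_rows(rows):
    """Return (post_id, meta_value) for every _wp_attached_file that fails the check."""
    return [(pid, val) for pid, key, val in rows
            if key == "_wp_attached_file" and not is_safe_attached_file(val)]


if __name__ == "__main__":
    for pid, val in find_suspect_rows(SAMPLE_POSTMETA):
        print(f"post {pid}: suspicious _wp_attached_file {val!r}")
```

On a real site, export the rows with the site's database client and feed them to `find_suspect_rows`; any hit is worth inspecting alongside the themes directory and the post that references it.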

Actions: 
  • After appropriate testing, immediately apply updates provided by Adobe.

  • Apply the Principle of Least Privilege to all systems and services.

  • Verify no unauthorized system modifications have occurred on the system before applying patches.

  • Monitor intrusion detection systems for any signs of anomalous activity.

  • Unless required, limit external network access to affected products.