Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced Database Cleaner

Key Information:

  • Software Type: Plugin
  • Software Slug: advanced-database-cleaner
  • Software Status: Active
  • Software Author: symptote
  • Software Downloads: 1,283,477
  • Active Installs: 100,000
  • Last Updated: January 24, 2024
  • Patched Versions: 3.1.4
  • Affected Versions: <= 3.1.3

Vulnerability Details:

  • Name: Advanced Database Cleaner <= 3.1.3 - Authenticated(Administrator+) PHP Object Injection via process_bulk_action
  • Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action
  • Type: Deserialization of Untrusted Data
  • CVE: CVE-2024-0668
  • CVSS Score: 6.6 (Medium)
  • Publicly Published: January 24, 2024
  • Researcher: Richard Telleng
  • Description: The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for an authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Summary:

The Advanced Database Cleaner plugin for WordPress has a vulnerability in versions up to and including 3.1.3 that allows authenticated users with admin access to inject PHP objects. This could lead to sensitive data exposure, arbitrary file deletion, or remote code execution if a POP chain is present. This vulnerability has been patched in version 3.1.4.

Detailed Overview:

Researcher Richard Telleng disclosed that the Advanced Database Cleaner plugin is vulnerable to PHP object injection due to the deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for an attacker with admin access to inject arbitrary PHP objects. While no POP chain is present in the vulnerable plugin itself, the presence of a POP chain in other installed plugins or themes could enable serious impacts such as arbitrary code execution, theft of sensitive data or deletion of files.

Advice for Users:

  1. Immediate Action: Update to version 3.1.4 as soon as possible.
  2. Check for Signs of Compromise: Review logs and scan with a malware detection tool to identify any indicators of compromise from this vulnerability.
  3. Alternate Plugins: Consider alternate database cleanup plugins like WP-Optimize as a precaution.
  4. Stay Updated: Enable auto-updates on plugins to receive security fixes as they become available.

Conclusion:

Symptote's quick release of Advanced Database Cleaner version 3.1.4 patched this medium severity vulnerability. Users should update immediately to avoid potential compromise. As always, keeping plugins updated is key to securing WordPress sites.

References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-database-cleaner

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-database-cleaner/advanced-database-cleaner-313-authenticatedadministrator-php-object-injection-via-process-bulk-action

Detailed Report:

Website security should be a top concern for any online business. Unfortunately, vulnerabilities in widely used plugins put countless sites at risk every day. Case in point: a serious flaw was recently disclosed in Advanced Database Cleaner, a plugin installed on over 100,000 WordPress sites. The flaw lets an authenticated administrator inject PHP objects, which can lead to malicious code execution when a suitable POP chain is present on the site. Left unpatched, your site could easily be compromised, destroyed, or used to attack others.

Advanced Database Cleaner is a popular plugin used to clean up redundant and outdated data in WordPress databases. It has over 1.2 million downloads and around 100,000 active installs. On January 24th, researcher Richard Telleng disclosed a vulnerability that impacts all versions up to and including 3.1.3.

This vulnerability allows authenticated users with admin access to inject arbitrary PHP objects due to the deserialization of untrusted input. While no POP chain for remote code execution is present in the plugin itself, the vulnerability could enable serious impacts if a POP chain exists via other installed plugins or the theme. Attackers could destroy files, steal sensitive data, or run malicious code on vulnerable sites.

To protect your website, it's critical to update Advanced Database Cleaner to version 3.1.4 as soon as possible. This release patches the vulnerability by sanitizing inputs before deserializing data. Check your site for any signs of compromise and consider installing an alternative database cleanup plugin as a precaution.
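The following is an added illustration, not the plugin's code and not the actual 3.1.4 patch, of the deserialization pattern described in the Detailed Overview and of the "sanitize before deserializing" fix mentioned above. The function names, the 'items' request field, and the assumption that a bulk action only needs table names are all hypothetical.

```php
<?php
// Editor-added example (hypothetical code, not from Advanced Database Cleaner).
// Shows the vulnerability class behind CVE-2024-0668 (deserialization of
// untrusted data) next to a hardened equivalent.

// Vulnerable pattern: a bulk-action handler takes a serialized string from the
// request and passes it straight to unserialize(). Any class loaded in the
// WordPress process (other plugins, the theme) can be instantiated, so a gadget
// (POP) chain elsewhere on the site turns this into file deletion or code execution.
function vulnerable_process_bulk_action( array $request ): array {
    $items = unserialize( $request['items'] );   // untrusted input, objects allowed
    return is_array( $items ) ? $items : array();
}

// Hardened pattern: never build PHP objects from request data. Accept a plain
// JSON list, validate every element against the one format the action needs
// (here: a table name), and discard everything else.
function hardened_process_bulk_action( array $request ): array {
    $raw   = isset( $request['items'] ) ? (string) $request['items'] : '';
    $items = json_decode( $raw, true );          // arrays/scalars only, never objects
    if ( ! is_array( $items ) ) {
        return array();
    }
    $clean = array();
    foreach ( $items as $item ) {
        if ( is_string( $item ) && preg_match( '/^[A-Za-z0-9_]{1,64}$/', $item ) ) {
            $clean[] = $item;
        }
    }
    return $clean;
}

// Fallback when legacy callers still send serialized arrays: allowed_classes=false
// makes unserialize() produce __PHP_Incomplete_Class instead of real objects, so no
// __wakeup()/__destruct() gadget runs; a non-array top-level result is refused.
function safe_unserialize_array( string $raw ) {
    $data = @unserialize( $raw, array( 'allowed_classes' => false ) );
    return is_array( $data ) ? $data : false;
}
```

When reviewing a plugin for this bug class, grep for unserialize() and maybe_unserialize() calls whose argument traces back to $_POST, $_GET, $_REQUEST or a cookie.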

Unfortunately, this is not the first vulnerability found in Advanced Database Cleaner. There have been 5 other flaws disclosed since September 2020, illustrating the importance of prompt security updates. New threats emerge constantly, so running outdated software makes you an easy target. Don’t fall victim when fixes exist!

We care about the web and want to help site owners secure their online presence. If you use Advanced Database Cleaner or simply want a professional opinion about your site’s protection, contact us. Our team can audit your plugins, scan for threats, and help apply patches. A small investment now could save you from disaster down the road. The key is being proactive about security upkeep. Your site’s security depends on it!

As a business owner, you don't have time to constantly monitor for WordPress vulnerabilities like this. At Your WP Guy, we become your outsourced IT team to handle security, updates, maintenance and support. Let us fully audit your site and plugins to assess any impact from this issue. We'll update everything to patched versions so you can rest easy knowing your site is locked down.

Focus on your business goals while we focus on your WordPress site's security. Chat with us anytime during business hours, schedule a call or call 678-995-5169 for a free consultation on securing your online presence.
