Question 1

What is the SiteOrigin Widgets Bundle?

Accepted Answer

What is the SiteOrigin Widgets Bundle?

The SiteOrigin Widgets Bundle is a popular WordPress plugin with over 36 million downloads. It allows users to create and add custom, responsive widgets like images, media, maps, and more to their WordPress site. The plugin makes it easy for users to build and customize widgets without needing to know code.

Question 2

What is the vulnerability discovered in the SiteOrigin Widgets Bundle?

Accepted Answer

What is the vulnerability discovered in the SiteOrigin Widgets Bundle?

Researchers recently disclosed a critical remote code execution (RCE) vulnerability in versions 1.50.1 and below of the SiteOrigin Widgets Bundle plugin. The vulnerability allows authenticated users with at least Admin access to inject arbitrary malicious files from the server into include and require statements. This permits them to bypass security controls and remotely execute malicious code on vulnerable WordPress sites.

Question 3

How serious is this SiteOrigin Widgets Bundle vulnerability?

Accepted Answer

How serious is this SiteOrigin Widgets Bundle vulnerability?

This RCE vulnerability allows attackers to fully compromise vulnerable WordPress sites. They could use it to inject malware, steal data, lock sites with ransomware, and carry out other malicious activities. Over 600,000 sites actively using the plugin are thought to be affected. So this vulnerability is considered highly critical for site security.

Question 4

Has SiteOrigin Widgets Bundle had security issues before?

Accepted Answer

Has SiteOrigin Widgets Bundle had security issues before?

Yes, unfortunately there have been previous security vulnerabilities found in the SiteOrigin Widgets Bundle plugin. Cross-site scripting, access bypass, and information disclosure issues have surfaced in the past couple years. This shows the plugin has had ongoing security weaknesses that are only now getting proper attention.

Question 5

How can I tell if my site is vulnerable?

Accepted Answer

How can I tell if my site is vulnerable?

If your WordPress site has version 1.50.1 or lower of the SiteOrigin Widgets Bundle plugin installed, it is vulnerable. Navigate to Plugins > Installed Plugins within the WordPress dashboard to check your current version. Vulnerable versions will show 1.50.1 or lower.

Question 6

Should I remove the SiteOrigin Widgets Bundle plugin from my site?

Accepted Answer

Should I remove the SiteOrigin Widgets Bundle plugin from my site?

You do not necessarily need to fully remove the plugin once you have updated it. Developers have addressed the vulnerability in version 1.51.0. However, given past security issues with this plugin, you may want to strongly consider replacing it with a safer alternative widget plugin for the future security of your site.

Question 7

What can happen if my site was already compromised?

Accepted Answer

What can happen if my site was already compromised?

If an attacker already exploited this vulnerability prior to your updating, they could have injected backdoors, malware, stolen data, and established other persistent threats into your system. You will likely need professional help fully removing bad actors and establishing the integrity of your site. Watch closely for signs of compromise like strange activity, files, database changes.

Question 8

Will my historical widget data be impacted if I replace the plugin?

Accepted Answer

Will my historical widget data be impacted if I replace the plugin?

When replacing the SiteOrigin Widgets Bundle plugin, previous widget data will likely be affected in some way since that data relies on the plugin's underlying systems. Some alternatives may be able to migrate data. However, you may lose or need to recreate certain widgets or customizations if switching plugins.

Question 9

When was this vulnerability disclosed?

Accepted Answer

When was this vulnerability disclosed?

The vulnerability was publicly disclosed on November 27, 2023 by the Wordfence Threat Intelligence team. This disclosure came after responsible reporting to the plugin developers earlier in November which led to the patched release. Public disclosure is meant to spur vulnerable site owners to urgently update.

Question 10

How can I stay on top of future WordPress plugin vulnerabilities?

Accepted Answer

How can I stay on top of future WordPress plugin vulnerabilities?

Enabling automated WordPress updates is a good step to help ensure you receive important security patches when available. Actively maintaining awareness through plugin developer notifications, security bulletins, and WordPress news sites can alert you to newly found vulnerabilities. Seeking professional website monitoring/management assistance is advised as well.

disclosure

WordPress Plugin Vulnerability Report – SiteOrigin Widgets Bundle – Authenticated (Admin+) Local File Inclusion – CVE-2023-6295

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy