WordPress Plugin Vulnerability Report – News & Blog Designer Pack – Unauthenticated Remote Code Execution via Local File Inclusion – CVE-2023-5815
Plugin Name: News & Blog Designer Pack
Key Information:
- Software Type: Plugin
- Software Slug: blog-designer-pack
- Software Status: Active
- Software Author: infornweb
- Software Downloads: 408,098
- Active Installs: 30,000
- Last Updated: October 26, 2023
- Patched Versions: 3.4.2
- Affected Versions: <=3.4.1
Vulnerability Details:
- Name: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion
- Title: Unauthenticated Remote Code Execution via Local File Inclusion
- Type: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
- CVE: CVE-2023-5815
- CVSS Score: 8.1 (High)
- Publicly Published: October 26, 2023
- Researcher: Florian Hauser
- Description: The News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked to a nopriv AJAX action. This is due to the function using the unsafe extract() function to turn POST variables into local variables and then passing one of those values to include(). This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE.
Summary:
The News & Blog Designer Pack for WordPress has a vulnerability in versions up to and including 3.4.1 that allows unauthenticated remote code execution via local file inclusion. This vulnerability has been patched in version 3.4.2.
Detailed Overview:
Security researcher Florian Hauser disclosed an unauthenticated remote code execution vulnerability in the News & Blog Designer Pack WordPress plugin affecting versions up to and including 3.4.1. The vulnerability allows attackers to achieve arbitrary code execution via local file inclusion by targeting the bdp_get_more_post AJAX hook. The hooked function calls extract() on the POST data and passes the resulting value directly to include(), so the file that gets included is chosen by the request. On misconfigured Docker environments, attackers could potentially write a PHP file and then have it included. This represents a critical vulnerability that allows takeover of vulnerable WordPress sites.
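To make the mechanism concrete, here is an added example written for this report; it is not code from the News & Blog Designer Pack plugin. It shows the extract()-into-include() pattern the advisory describes beside a hardened equivalent. The function names, the 'template' request field and the template file names are assumptions chosen for illustration, and the hardened version is general guidance, not a description of the vendor's 3.4.2 patch.

```php
<?php
// Added example, not code from the News & Blog Designer Pack plugin.
// Function names, the 'template' field and the template files are assumptions.

// UNSAFE PATTERN (for contrast only; never called below). extract() turns every
// key of the request array into a local variable, so a remote caller overwrites
// $template, and include() then loads whatever path the request supplied.
function render_more_posts_unsafe(array $post_data): void
{
    $template = 'default';     // intended value ...
    extract($post_data);       // ... silently replaced by $post_data['template']
    include $template;         // file chosen by the request: local file inclusion
}

// HARDENED: read one named field, map it through a server-side allowlist,
// and verify the resolved path stays inside the template directory.
function render_more_posts_safe(array $post_data, string $template_dir): string
{
    $requested = isset($post_data['template']) ? (string) $post_data['template'] : 'default';

    // The request picks a key; only the server decides which file that key means.
    $templates = [
        'default' => 'default.php',
        'grid'    => 'grid.php',
    ];
    if (!array_key_exists($requested, $templates)) {
        throw new InvalidArgumentException("unknown template '{$requested}'");
    }

    // Defence in depth: a symlink or misconfiguration must not escape the base dir.
    $base = realpath($template_dir);
    $path = realpath($template_dir . DIRECTORY_SEPARATOR . $templates[$requested]);
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('template resolves outside the template directory');
    }

    ob_start();
    include $path;
    return (string) ob_get_clean();
}

// Demonstration with constructed template files in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bdp-example-' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/default.php', '<?php echo "default layout";');
file_put_contents($dir . '/grid.php', '<?php echo "grid layout";');

echo render_more_posts_safe(['template' => 'grid'], $dir), PHP_EOL;
echo render_more_posts_safe([], $dir), PHP_EOL;

// Anything that is not an allowlist key is refused before include() is reached,
// whether it looks like a file name, a relative path or an absolute path.
foreach (['grid.php', '../outside.php', '/tmp/anything.php'] as $bad) {
    try {
        render_more_posts_safe(['template' => $bad], $dir);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}

array_map('unlink', glob($dir . '/*.php'));
rmdir($dir);
```

Run with `php example.php` on PHP 8.0 or later (str_starts_with). In a real AJAX handler the same principle applies: if the action must remain reachable without authentication, it should take no file-path input at all, only a key that the server maps to a file, and the request array should be read field by field rather than passed through extract().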
There have been 3 previous vulnerabilities in this plugin since March 2022, indicating ongoing security issues.
Advice for Users:
- Immediate Action: Upgrade to version 3.4.2 or higher immediately.
- Check for Signs of Exploitation: Review web server logs for suspicious requests, including failed ones, targeting the bdp_get_more_post AJAX action.
- Alternate Plugins: Consider alternate plugins like WP Post Grid and Post Slider that offer similar functionality.
- Stay Updated: Always keep plugins updated and review changelogs to identify security fixes.
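As an added example for the log-review advice above (it is not part of the original report), the script below scans access-log lines in the common "combined" format and flags requests to admin-ajax.php that name the vulnerable action in the query string, plus POSTs to admin-ajax.php that arrive without a Referer, which is a heuristic for scripted rather than browser-driven calls. The log lines are constructed for the example and use documentation IP ranges.

```php
<?php
// Added example, not from the advisory: flag access-log entries worth a closer
// look after CVE-2023-5815. Sample log lines below are constructed.

const AJAX_ACTION = 'bdp_get_more_post';

// Parse one line in combined log format:
// ip ident user [time] "METHOD path proto" status size "referer" "agent"
function parse_log_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $url    = parse_url($m[4]);
    $params = [];
    if (!empty($url['query'])) {
        parse_str($url['query'], $params);
    }
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => $url['path'] ?? $m[4],
        'params'  => $params,
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'agent'   => $m[7],
    ];
}

function find_suspicious_ajax_requests(array $lines): array
{
    $findings = [];
    foreach ($lines as $n => $line) {
        $r = parse_log_line($line);
        if ($r === null || !str_ends_with($r['path'], '/admin-ajax.php')) {
            continue;
        }
        $reasons = [];
        if (($r['params']['action'] ?? '') === AJAX_ACTION) {
            $reasons[] = 'vulnerable action named in query string';
        }
        if ($r['method'] === 'POST' && $r['referer'] === '-') {
            // Browser-driven AJAX normally carries a Referer; scripted requests
            // often do not. The action may be in the POST body, which the
            // access log does not record, so this is only a heuristic.
            $reasons[] = 'POST to admin-ajax.php without Referer';
        }
        if ($reasons) {
            $findings[] = [
                'line'    => $n + 1,
                'ip'      => $r['ip'],
                'time'    => $r['time'],
                'status'  => $r['status'],
                'reasons' => $reasons,
            ];
        }
    }
    return $findings;
}

// Constructed sample: two scripted requests from one address, one normal
// page view and one browser-driven AJAX call that carries a Referer.
$sample_log = [
    '203.0.113.10 - - [27/Oct/2023:02:14:07 +0000] "POST /wp-admin/admin-ajax.php?action=bdp_get_more_post HTTP/1.1" 200 512 "-" "python-requests/2.31.0"',
    '203.0.113.10 - - [27/Oct/2023:02:14:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 37 "-" "python-requests/2.31.0"',
    '198.51.100.7 - - [27/Oct/2023:02:15:00 +0000] "GET /blog/ HTTP/1.1" 200 8765 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Oct/2023:02:15:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 4321 "https://example.org/blog/" "Mozilla/5.0"',
];

foreach (find_suspicious_ajax_requests($sample_log) as $f) {
    printf("line %d  %-14s %s  HTTP %d  %s\n",
        $f['line'], $f['ip'], $f['time'], $f['status'], implode('; ', $f['reasons']));
}
```

Requires PHP 8.0 or later (str_ends_with). The main limitation is that WordPress AJAX actions are usually sent in the POST body, which standard access logs do not record, so a clean scan does not prove the site was untouched; pair it with WAF or request-body logging where available. Any 200 response to the vulnerable action on an unpatched site is a reason to check writable directories such as wp-content/uploads for PHP files that should not be there.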
Conclusion:
This critical vulnerability underscores the importance of keeping WordPress and plugins updated. Users should upgrade to the latest patched version of News & Blog Designer Pack to mitigate this vulnerability.
References:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/blog-designer-pack
Detailed Report:
Keeping your WordPress website and its plugins updated is critical to maintaining security online. An alarming new vulnerability disclosed this week in a popular blogging plugin demonstrates precisely why. The News & Blog Designer Pack plugin, installed on over 30,000 sites, contains a critical remote code execution flaw allowing takeover of vulnerable WordPress installations. By exploiting this vulnerability, attackers could fully compromise sites running outdated versions of the plugin, as underscored by the high-severity CVSS score of 8.1. If you use this plugin, now is the time to take action by updating immediately. For anyone concerned about their website's security, we are here to help assess your risk and implement solutions to lock things down. Staying informed and proactive is key to avoiding threats like this dangerous vulnerability.
The News & Blog Designer Pack plugin is a popular tool for building customized blog layouts in WordPress. With over 400,000 downloads and 30,000 active installs, it powers blogs across a range of sites. Unfortunately, this widely-used plugin contains a severe vulnerability impacting all versions up to and including 3.4.1.
Security researcher Florian Hauser disclosed an unauthenticated remote code execution flaw that allows takeover of vulnerable WordPress sites. By sending crafted requests to the bdp_get_more_post AJAX hook, attackers can achieve arbitrary PHP code execution via local file inclusion. This is possible because the plugin improperly extracts POST data and passes it to include() statements. On misconfigured Docker sites, attackers could even write files that are subsequently included.
This vulnerability allows for complete site takeover, exposing customer data, defacing sites, and conducting further attacks. The ease of exploiting it without any authentication underscores the critical risk it poses. There have been 3 previous vulnerabilities in the plugin since March 2022 as well, pointing to ongoing security issues.
To mitigate this vulnerability, users should update to version 3.4.2 or higher immediately. It's also important to monitor logs for any suspicious requests related to it. For enhanced security, switching to alternate blogging plugins like WP Post Grid can be considered.
This case highlights why staying on top of plugin security is so important. But for busy small business owners running on WordPress, it can be challenging to stay updated. Working with a managed security provider is the best way to ensure vulnerabilities like this don't put your business at risk. They can monitor for threats, keep software patched and configured securely, and respond to incidents. Don't let your website be the next one compromised by a dangerous exploit. Partnering with security experts lets you focus on your business, not cybersecurity.
Staying informed and being proactive are the keys to protecting your online presence. Vulnerabilities like this emerge frequently, but with the right solutions in place, small businesses can defend against threats targeting their websites.
Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.
Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.
Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.