WordPress Plugin Vulnerability Report – Widgets for Google Reviews – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-48275

Plugin Name: Widgets for Google Reviews

Key Information:

  • Software Type: Plugin
  • Software Slug: wp-reviews-plugin-for-google
  • Software Status: Active
  • Software Author: trustindex
  • Software Downloads: 4,619,317
  • Active Installs: 300,000
  • Last Updated: November 22, 2023
  • Patched Versions: 11.1
  • Affected Versions: <= 11.0.2

Vulnerability Details:

  • Name: Widgets for Google Reviews <= 11.0.2 - Authenticated (Editor+) Arbitrary File Upload
  • Title: Authenticated (Editor+) Arbitrary File Upload
  • Type: Unrestricted Upload of File with Dangerous Type
  • CVE: CVE-2023-48275
  • CVSS Score: 6.6 (Medium)
  • Publicly Published: November 22, 2023
  • Researcher: Rafie Muhammad
  • Description: The Widgets for Google Reviews plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/tabs/feature_request.php file in all versions up to, and including, 11.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This vulnerability may only be fully exploitable for RCE in unique scenarios where the server is overloaded and the unlink() is not triggered immediately following move_uploaded_file().

Summary:

The Widgets for Google Reviews plugin for WordPress has a vulnerability in versions up to and including 11.0.2 that allows authenticated users with Editor+ level access to upload arbitrary files, which could enable remote code execution in some scenarios. This vulnerability has been patched in version 11.1.

Detailed Overview:

The researcher Rafie Muhammad discovered a vulnerability in the feature_request.php file of the Widgets for Google Reviews plugin that allows authenticated users with Editor or higher level access to upload files of any type without restriction. This could enable attackers to upload and execute malicious scripts on vulnerable WordPress sites. While the vulnerability may only be exploitable for RCE in unique scenarios due to the unlink() function being called after file upload, it still represents a serious risk that has been addressed in version 11.1. Sites running Widgets for Google Reviews up to and including 11.0.2 should update immediately.

Advice for Users:

  1. Immediate Action: Update to version 11.1 or higher to patch this vulnerability.
  2. Check for Signs of Compromise: Review your file directory for unexpected files, scan for malware.
  3. Alternate Plugins: Consider tested SEO plugins as a precaution.
  4. Stay Updated: Enable automatic background updates for plugins to avoid future vulnerabilities.

Conclusion:

The developer response shows the need for rapid patching of disclosed vulnerabilities. Users should install version 11.1 to eliminate this authenticated arbitrary file upload risk.

References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-reviews-plugin-for-google

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-reviews-plugin-for-google/widgets-for-google-reviews-1102-authenticated-editor-arbitrary-file-upload

Detailed Report:

Keeping your WordPress website updated is crucial to protecting yourself against the latest security threats. This point has been underscored yet again with the recent disclosure of a serious authenticated arbitrary file upload vulnerability in the popular Widgets for Google Reviews plugin. This vulnerability enables editors and administrators on affected sites to upload malicious files, presenting a serious hacking risk. If you haven't updated recently, it's time to take action.

About the Vulnerable Plugin

Widgets for Google Reviews is a widely-used plugin with over 4.6 million downloads and 300,000 active installs. It allows site owners to easily display Google reviews. The plugin is developed by Trustindex and is actively maintained.

Technical Details of the Vulnerability

The vulnerability, now patched in version 11.1, affects Widgets for Google Reviews versions up to and including 11.0.2. It allows authenticated users with editor-level access or higher to upload files of any type without restriction due to missing server-side validation. This makes it possible to upload and execute malicious scripts. The vulnerability may allow full remote code execution in certain limited scenarios.

Impacts and Risks

This vulnerability allows attackers who have obtained editor access to a vulnerable site to remotely execute malicious code. They could steal data, install malware like cryptojackers to hijack site resources, or otherwise fully compromise the site. While exploitation may be complex, it's best to eliminate the risk.

What to Do: Updating Immediately

Sites running any version of Widgets for Google Reviews up to 11.0.2 should update to the latest secure version, 11.1, as soon as possible. Enabling automatic background updates for all plugins is also highly recommended. Review your files for unexpected uploads and scan for malware if you suspect exploitation.

The Bigger Picture: Staying Secure

This vulnerability underscores the importance of maintaining awareness and prompt updating of WordPress sites. As a small business owner without ample security resources, staying on top of threats can be difficult. But with some vigilance to enable notifications and automatic updates, the risks can be drastically reduced. Don't let outdated software put your livelihood at risk. If you ever have concerns about a compromise or questions about keeping your site safe, please reach out to our team of WordPress security experts for affordable solutions tailored to you.

As a business owner, you don't have time to constantly monitor for WordPress vulnerabilities like this. At Your WP Guy, we become your outsourced IT team to handle security, updates, maintenance and support. Let us fully audit your site and plugins to assess any impact from this issue. We'll update everything to patched versions so you can rest easy knowing your site is locked down.

Focus on your business goals while we focus on your WordPress site's security. Chat with us anytime during business hours, schedule a call or call 678-995-5169 for a free consultation on securing your online presence.

WordPress Plugin Vulnerability Report – Widgets for Google Reviews – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-48275 FAQs

Leave a Comment