Wordpress Security 2022 – What's Working TODAY To Secure Your Website! | Plugins, Hosting, Malware Checks, etc.

WordPress Plugin Pro Quoter Vulnerability


There’s a serious vulnerability in the WordPress Plugin Pro Quoter, which could lead to arbitrary code execution. This vulnerability occurs because the plugin fails to sanitize user-supplied input. This could allow an attacker to steal cookie-based authentication credentials. This vulnerability affects WordPress Plugin Pro Quoter version 1.0 and earlier.

WordPress Plugin Pro Quoter vulnerability

Wordfence, a WordPress security vendor that tracks security issues in WordPress plugins, has reported that a high percentage of WordPress plugins are affected by this vulnerability. The good news is that many of the most popular WordPress plugins are secure and supported by large teams of developers who work hard to address vulnerabilities and maintain the security of WordPress. The bad news is that the plugin most affected by this vulnerability is not among the most popular and does not appear in the top search results, which is itself a warning sign. Additionally, the company that makes the plugin is not well known.

The vulnerable version was 1.6. Wordfence has since updated the plugin to fix the vulnerability, and recommends that users upgrade to the latest version. The vulnerability was in the /wp-json/omapp/v1/support endpoint, which was subject to an authorization bypass caused by insufficient capability checking. Using this vulnerability, an attacker could gain access to sensitive information, including the site's full path and API key. They could then modify the campaign associated with the connected OptinMonster account and inject malicious JavaScript.

WordPress Plugin Pro Quoter is affected by multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities occur because the plugin fails to sanitize user-supplied input properly. In addition to allowing an attacker to execute arbitrary script code on your site, they also allow an attacker to steal cookie-based authentication credentials. As such, it is imperative that developers adhere to secure coding practices to prevent these vulnerabilities from compromising the security of their WordPress sites.
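The two defects described above, a REST endpoint with no capability check (the /support endpoint paragraph) and unsanitized input that reaches an XSS sink (the Pro Quoter paragraph), shown as a weak WordPress route beside a hardened one. This is an added example, not code from any of the plugins named on this page; the `exq/v1` namespace, the `exq_` option keys and the route paths are hypothetical.

```php
<?php
// Added example (not from the page or from any plugin it names).
// Namespace "exq/v1", option keys "exq_*" and route paths are hypothetical.

// Weak: permission_callback admits everyone (including unauthenticated
// callers), input is stored raw, and a secret is returned in the response.
add_action( 'rest_api_init', function () {
    register_rest_route( 'exq/v1', '/support', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true',                 // no capability check
        'callback'            => function ( WP_REST_Request $req ) {
            update_option( 'exq_support_note', $req->get_param( 'note' ) ); // stored-XSS sink
            return array( 'api_key' => get_option( 'exq_api_key' ) );       // info disclosure
        },
    ) );
} );

// Hardened: capability check, declared and sanitized argument, no secret
// in the response, and escaping again at output time.
add_action( 'rest_api_init', function () {
    register_rest_route( 'exq/v1', '/support-safe', array(
        'methods'             => 'POST',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );           // admins only
        },
        'args' => array(
            'note' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_text_field',      // strips tags/control chars
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && strlen( $value ) <= 500;
                },
            ),
        ),
        'callback' => function ( WP_REST_Request $req ) {
            update_option( 'exq_support_note', $req->get_param( 'note' ) );
            return new WP_REST_Response( array( 'saved' => true ), 200 );
        },
    ) );
} );

// Output side: escape when rendering even though the input was sanitized,
// so a value that reached the option by another path cannot run as script.
function exq_render_support_note() {
    echo '<p>' . esc_html( get_option( 'exq_support_note', '' ) ) . '</p>';
}
```

Sanitizing on input and escaping on output are separate controls; the hardened route applies both, and the capability check in `permission_callback` is what closes the authorization bypass.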

Wordfence published a blog post on this vulnerability, highlighting possible indicators of compromise. The most reliable indicator is whether a request contains a file parameter, as this is required to exploit the vulnerability. The plugin's developer addressed the vulnerability in versions 3.8.7.1.3.28 on February 12, and Wordfence recommends users upgrade to the latest version of Duplicator.

The vulnerability affects three different WordPress plugins, and in total over 84,000 WordPress sites. It allows malicious actors to take control of a vulnerable site by updating arbitrary settings or by tricking the site administrator into performing a malicious action. It also allows attackers to inject malware into a website.