Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Code Injection Vulnerability Found in ‘Real-Time Find and Replace’ WordPress Plugin

The “Real-Time Find and Replace” WordPress plugin was updated recently to address a high severity vulnerability that could be exploited to inject code into a website.

The “Real-Time Find and Replace” WordPress plugin was updated recently to address a high severity vulnerability that could be exploited to inject code into a website.

Designed to allow WordPress site admins to dynamically replace HTML content from themes and other plugins with content of their choosing before the page is served to users, the plugin is available as open source and has over 100,000 installations.

The recently identified vulnerability, a Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS), could have allowed an attacker to inject malicious JavaScript code on a target site, but only by tricking the administrator into performing specific actions, such as clicking a link.

The core of the plugin’s functionality for adding find and replace rules resides in the function far_options_page, which did not verify the integrity of a request’s source, because it did not use nonce verification, WordPress security company Defiant discovered.

“Any attacker capable of tricking a site owner into executing an unwanted action could replace any content or HTML on a vulnerable site with new content or malicious code. This replacement code or content would then execute anytime a user navigated to a page that contained the original content,” Defiant says.

By replacing an HTML tag like <head> with malicious JavaScript, an attacker would ensure their code executes on nearly every page of the targeted site. Leveraging the injected code, the attacker could create a new administrative account, steal session cookies, or direct users to a malicious site.

Defiant reported the vulnerability to the plugin’s developer on April 22 and the security flaw was addressed the same day.

“In the most up to date version, a nonce has been added along with a check_admin_referer nonce verification function to ensure the legitimacy of the source of a request,” Defiant explains.

Advertisement. Scroll to continue reading.

Version 4.0.2 or newer of the Real-Time Find and Replace plugin includes a patch for the bug, and users are advised to update the plugin as soon as possible to ensure their WordPress websites are protected.

Related: Unpatched Flaw in Discontinued Plugin Exposes WordPress Sites to Attacks

Related: Critical Flaw in SEO Plugin Exposed Many WordPress Sites to Attacks

Related: WPvivid Backup Plugin Flaw Leads to WordPress Database Leak

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.