Tag Archives: WordPress

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability

Leave a reply

About Authentication Bypass - Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability. ThemeHunk company develops commercial themes for WordPress CMS. And the Hunk Companion plugin is designed to complement and enhance the functionality of these themes. The plugin has over 10,000 installations.

On December 10, WPScan reported a vulnerability in Hunk Companion plugin versions below 1.9.0, allowing unauthenticated attackers to install and activate plugins from the WordPressOrg repository. The exploit has been on GitHub since December 28.

This way, attackers can install plugins that contain additional vulnerabilities. 👾 In the incident analyzed by WPScan, the attackers installed the WP Query Console plugin with RCE vulnerability CVE‑2024‑50498 on the website and exploited it to install a backdoor.

If you use WordPress, try to minimize the number of plugins and update them regularly!

На русском

September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses

Leave a reply

September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses. Starting this month, we decided to slightly expand the topics of the videos and increase their duration. I cover not only the trending vulnerabilities of September, but also social engineering cases, real-world vulnerability exploitation, and practices of vulnerability management process. At the end we announce a contest of questions about Vulnerability Management with gifts. 🎁

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus) a slightly expanded script of the video
🗒 A compact digest on the official PT website

Content:

🔻 00:51 Elevation of Privilege – Windows Installer (CVE-2024-38014) and details about this vulnerability
🔻 02:42 Security Feature Bypass – Windows Mark of the Web “LNK Stomping” (CVE-2024-38217)
🔻 03:50 Spoofing – Windows MSHTML Platform (CVE-2024-43461)
🔻 05:07 Remote Code Execution – VMware vCenter (CVE-2024-38812)
🔻 06:20 Remote Code Execution – Veeam Backup & Replication (CVE-2024-40711), while the video was being edited, data about exploitation in the wild appeared
🔻 08:33 Cross Site Scripting – Roundcube Webmail (CVE-2024-37383)
🔻 09:31 SQL Injection – The Events Calendar plugin for WordPress (CVE-2024-8275)
🔻 10:30 Human vulnerabilities: fake reCAPTCHA
🔻 11:45 Real world vulnerabilities: еxplosions of pagers and other electronic devices in Lebanon and the consequences for the whole world
🔻 14:42 Vulnerability management process practices: tie annual bonuses of IT specialists to meeting SLAs for eliminating vulnerabilities
🔻 16:03 Final and announcement of the contest
🔻 16:24 Backstage

На русском

About SQL Injection – The Events Calendar plugin for WordPress (CVE-2024-8275) vulnerability

Leave a reply

About SQL Injection - The Events Calendar plugin for WordPress (CVE-2024-8275) vulnerability

About SQL Injection – The Events Calendar plugin for WordPress (CVE-2024-8275) vulnerability. This plugin for WordPress CMS allows you to create event pages with search and filtering capabilities. The plugin is installed on more than 700,000 websites.

The plugin offers extensive customization options, including using individual plugin functions in your own code. One of these functions, tribe_has_next_event(), was found to have a SQL injection that allows an unauthenticated attacker to extract sensitive information from the website’s database. An exploit is available on GitHub.

❗️ The developers note that this function is not used by the plugin itself (“unused code”). Only sites that have manually added a tribe_has_next_event() call will be vulnerable.

If you are using WordPress with The Events Calendar plugin, check if there is some tricky customization using this vulnerable function and update to v.6.6.4.1 and above.

На русском

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress

Leave a reply

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress. We have branched off from Seclab news videos and started releasing separate episodes. Hooray! 🥳😎 If we get enough views, we will continue to release them in the future. It’s up to you, please follow the link to the video platform and click “Like” button and/or leave a comment. 🥺

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus) a slightly expanded script of the video
🗒 A compact digest (rus) on the official PT website

List of vulnerabilities:

🔻 00:48 Remote Code Execution – Windows Remote Desktop Licensing Service “MadLicense” (CVE-2024-38077)
🔻 02:22 Security Feature Bypass – Windows Mark of the Web “Copy2Pwn” (CVE-2024-38213)
🔻 03:23 Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2024-38193), Windows Kernel (CVE-2024-38106), Windows Power Dependency Coordinator (CVE-2024-38107)
🔻 04:50 Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000)

English voice over was generated by my open source utility subtivo (subtitles to voice over)

06:39 Check out the final jingle I generated using AI services 😉 (ToolBaz for lyrics and Suno for music)

На русском

A couple of interesting details about Unauthenticated Elevation of Privilege – WordPress LiteSpeed ​​Cache Plugin (CVE-2024-28000)

Leave a reply

A couple of interesting details about Unauthenticated Elevation of Privilege - WordPress LiteSpeed ​​Cache Plugin (CVE-2024-28000)

A couple of interesting details about Unauthenticated Elevation of Privilege – WordPress LiteSpeed ​​Cache Plugin (CVE-2024-28000).

🔹 The vulnerability was found by researcher John Blackbourn. He submitted it through the bug bounty program and received $14,400. 👏

🔹 The vulnerability cannot be exploited on Windows installations, because the function that is needed to generate the hash does not work on Windows. This is what researchers write in the write-up. However, they do not write how this plugin works on Windows installations and whether it works at all. 🤔 But if the plugin works and the vulnerability cannot be exploited, then it turns out that sometimes it is not such a strange idea to use Windows instead of Linux as a hosting OS for websites. 🙃

На русском

Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000)

Leave a reply

Unauthenticated Elevation of Privilege - WordPress LiteSpeed Cache Plugin (CVE-2024-28000)

Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000).

🔹 WordPress is a popular open source CMS (835 million websites) that supports third-party plugins.

🔹 LiteSpeed Cache is one such plugin. It increases the loading speed of website pages by caching them. The free version is used on 5 million websites.

On August 13, a critical vulnerability of this plugin was released. A remote unauthenticated attacker can obtain administrator rights. 😱 According to the write-up, the attacker brute-forces the hash used for authentication. This hash is generated insecurely, so there are only a million of its possible values. If you make 3 requests to the website per second, then brute-force and obtaining admin rights takes from several hours to a week.

👾 The PoC is available on GitHub and attackers are already actively exploiting the vulnerability.

Update to version 6.4.1 and higher.

На русском

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

1 Reply

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review. Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done.

Alternative video link (for Russia): https://vk.com/video-149273431_456239139

Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and some other interesting vulnerabilities that have been released or updated in the last 3 months. Finally, I’d like to end this episode with a reflection on how my 2023 went and what I’d like to do in 2024.

Continue reading