• Digital Marketing Agency
  • 770-429-5300
  • Client Portal
Sunday, March 26, 2023
  • Login
  • Home
  • Web Design
    How well does your digital marketing agency protect your data and sensitive information?

    Protecting Sensitive Information

    GETTR - A Social Media Platform for Conservatives

    GETTR – Why are people flocking here?

    Hardening WordPress Websites – How to Improve WordPress Security

    Block referrer spam in analytics

    How to Stop Referrer Spam and Block Hackers Using Your htaccess File

    GDPR Policy for Website Privacy

    GDPR Compliant Websites

    Wordpress SQL Injection Vulnerability

    SQL Injection Vulnerability in WP Statistics

  • Local Search
  • SEO
  • PPC Ads
  • SEM
  • Social Media
  • Home
  • Web Design
    How well does your digital marketing agency protect your data and sensitive information?

    Protecting Sensitive Information

    GETTR - A Social Media Platform for Conservatives

    GETTR – Why are people flocking here?

    Hardening WordPress Websites – How to Improve WordPress Security

    Block referrer spam in analytics

    How to Stop Referrer Spam and Block Hackers Using Your htaccess File

    GDPR Policy for Website Privacy

    GDPR Compliant Websites

    Wordpress SQL Injection Vulnerability

    SQL Injection Vulnerability in WP Statistics

  • Local Search
  • SEO
  • PPC Ads
  • SEM
  • Social Media
No Result
View All Result
Digital Marketing Trends
No Result
View All Result

SQL Injection Vulnerability in WP Statistics

Digital Team by Digital Team
November 30, 2020
Home Security
Share on FacebookShare on Twitter

Sucuri – WordPress Security Alert

SQL Injection Vulnerability article was written by John Castro, a security analyst at the Sucuri Security Operations Group

Sucuri is a world-class internet security organization. Sucuri is one of the very best security plug-ins and firewalls for a WordPress website. Sucuri provides public alerts for dangerous WordPress security risks. This alert concerns known risks with the WP Statistics plugin.

As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues.

While working on the WordPress plugin WP Statistics, we discovered a SQL Injection vulnerability. This plugin is currently installed on 300,000+ websites.

Are You at Risk from SQL Vulnerabilities?

This vulnerability is caused by the lack of sanitization in user provided data. An attacker with at least a subscriber account could leak sensitive data and under the right circumstances/configurations compromise your WordPress installation.

If you have a vulnerable version installed and your site allows user registration, you are definitely at risk.

Technical Details

WordPress provides an API that enables developers to create content that users can inject to certain pages just using a simple shortcode:

[shortcode atts_1=”test” atts_2=”test”]
Among other functionalities, WP Statistics allows admin users to get detailed information related with the number of visits by just calling the shortcode below:

The shortcode that allows admins to obtain detailed stat information.
The WP Statistics shortcode that allows admins to obtain detailed visit information.
As you can see on the above image, some attributes of the shortcode wpstatistics are being passed as parameters for important functions and this shouldn’t be a problem if those parameters were sanitized, but as we’ll see this is not the case.

One of the vulnerable functions wp_statistics_searchengine_query() in the file “includes/functions/functions.php” is accessible through WordPress’ AJAX functionality thanks to the core function wp_ajax_parse_media_shortcode().

This function doesn’t check for additional privileges, allowing subscribers to execute this shortcode and inject malicious data to its attributes. (This attack vector was also described here).

In a number places in the code, user input coming from attributes of the wpstatistics’ shortcode are included in SQL queries without being sanitized. Below one of the queries that were exploitable:

Shortcode parameters aren’t properly sanitized in the WP statistics shortcode.
Shortcode parameters aren’t properly sanitized in the WP Statistics plugin.
The wp_statistics_searchengine_query() basically returns the same value as the one passed in the shortcode attribute provider and its content is added directly to the raw SQL query.

Update as Soon as Possible

If you’re using a vulnerable version of this plugin, update as soon as possible!

In the event where you cannot do this, we strongly recommend leveraging the Sucuri Firewall or equivalent technology to have the vulnerability patched virtually.

Digital Team

Digital Team

Next Post
AMP Pages - Accelerated Mobile Pages

AMP - Accelerated Mobile Pages

Comments 1

  1. Elise Trabor says:
    1 year ago

    We had this problem when we used a cheap hosting company. We changed to SiteGround (more expensive) and no more hacking issues.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • Content Marketing
  • Content Optimization
  • Digital Advertising
  • Local Search
  • PPC Advertising
  • Security
  • SEM
  • SEO
  • Social Media
  • Technical SEO
  • Uncategorized
  • Website Design
  • Wordpress

Tags

backlinks bing ads branding cyber security disavow gettr google ads google business profile google my business google page speed insight hardening wordpress internet security ppc company ppc management ppc services PR website security wordpress hacking wordpress security
  • Terms of Use
  • Privacy & Policy
  • Contact

© 2023, E-Platform Marketing - Digital Marketing Agency

No Result
View All Result
  • Home
  • Web Design
  • SEO
  • SEM
  • Local Search
  • PPC Ads
  • Contact Us

© 2023, E-Platform Marketing - Digital Marketing Agency

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In