New vulnerability in a WordPress plugin: Ad Inserter. A critical bug allows authenticated attackers to remotely execute PHP code. Wordfence and the developers fixed it with version 2.4.22
The cyber security experts: the flaw is related to the use of check_admin_referer() for authorization
According to Bleeping Computer, the cyber security experts believe the Ad Inserter plugin vulnerability stems from the use of check_admin_referer() for authorization, although that function was specifically designed to protect WordPress sites against cross-site request forgery (CSRF) attacks by means of nonces, one-time tokens used to block expired and repeated requests. Authenticated attackers who get their hands on a nonce can bypass the authorization checks built on check_admin_referer() and reach the debug mode provided by the Ad Inserter plugin. They can then immediately trigger the debugging feature and, more dangerously, abuse the ad preview feature by sending a malicious payload containing arbitrary PHP code. Other vulnerable plugins have also been discovered recently.
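The root cause described above is a confusion between two different checks: a nonce proves that a request was not forged from another site, while a capability check proves that the user is allowed to perform the action. The following is an added illustrative example, not Ad Inserter's code: a hypothetical debug-mode toggle for a WordPress plugin, first gated only by check_admin_referer() (the vulnerable pattern) and then gated by current_user_can() as well (the hardened pattern). The action name "example_debug_toggle", the option name "example_debug_enabled" and the function names are assumptions made for this example; the WordPress API calls (check_admin_referer, current_user_can, wp_nonce_field, update_option, wp_die, add_action, submit_button) are real.

```php
<?php
/*
 * Illustrative example, not the plugin's own code.
 * Hypothetical action name: "example_debug_toggle"
 * Hypothetical option name: "example_debug_enabled"
 */

// VULNERABLE PATTERN: the nonce check is treated as if it were an
// authorization check. check_admin_referer() only verifies that the
// request carries a valid nonce for this action (i.e. it was not forged
// from a third-party site); any logged-in user who has obtained such a
// nonce passes it, regardless of role.
function example_debug_toggle_vulnerable() {
	if ( ! isset( $_POST['example_debug'] ) ) {
		return;
	}
	check_admin_referer( 'example_debug_toggle' ); // CSRF protection only

	update_option( 'example_debug_enabled', (bool) $_POST['example_debug'] );
}

// HARDENED PATTERN: keep the nonce check for CSRF, and add an explicit
// capability check so only users allowed to manage the site reach the
// privileged feature. Order matters little for security, but checking the
// capability first avoids doing nonce work for users who are never allowed.
function example_debug_toggle_hardened() {
	if ( ! isset( $_POST['example_debug'] ) ) {
		return;
	}
	// Authorization: is this user permitted to perform the action at all?
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( __( 'You are not allowed to change debug settings.' ), 403 );
	}
	// CSRF: did the request originate from our own form?
	check_admin_referer( 'example_debug_toggle' );

	update_option( 'example_debug_enabled', (bool) $_POST['example_debug'] );
}
add_action( 'admin_init', 'example_debug_toggle_hardened' );

// The form that issues the nonce. Emitting the nonce only to users who hold
// the capability limits how a low-privileged account could obtain one, but
// the capability check in the handler above is what actually enforces access.
function example_debug_form() {
	if ( ! current_user_can( 'manage_options' ) ) {
		return;
	}
	echo '<form method="post">';
	wp_nonce_field( 'example_debug_toggle' ); // writes the _wpnonce field
	echo '<label><input type="checkbox" name="example_debug" value="1"> Enable debug mode</label>';
	submit_button( 'Save' );
	echo '</form>';
}
```

When auditing a plugin for this class of bug, look for every handler that exposes a privileged feature and confirm that each one calls a capability check such as current_user_can() in addition to, not instead of, its nonce verification; a handler whose only guard is check_admin_referer() or wp_verify_nonce() is reachable by any user who can get a nonce for that action.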