WordPress: critical vulnerability on Ad Inserter plugin

A new vulnerability has been found in the WordPress plugin Ad Inserter: a critical bug lets authenticated attackers execute PHP code remotely. Wordfence found it and the developers fixed it in version 2.4.22.

A new vulnerability has been found in the WordPress plugin Ad Inserter, which is installed on more than 200,000 sites. The Wordfence security researchers found a critical bug that allows authenticated attackers to remotely execute PHP code. Ad Inserter is an ad management plugin that supports many kinds of ads and includes advanced options for inserting opt-in forms, header scripts, JavaScript, CSS, HTML, PHP, analytics, tracking or advert code anywhere on the page. The plugin also has an ad preview feature that administrators can use to verify that ad blocks are configured correctly before publishing them for site visitors. The researchers privately disclosed the issue to the plugin's developer, who released a patch the next day. Any website running Ad Inserter 2.4.21 or below should therefore be updated to version 2.4.22 immediately.

The security researchers: the flaw stems from using check_admin_referer() for authorization

According to Bleeping Computer, the security researchers believe the Ad Inserter vulnerability stems from the use of check_admin_referer() as an authorization check. That function was designed to protect WordPress sites against cross-site request forgery (CSRF) by validating nonces, tokens bound to a user, an action and a time window that let the site reject forged and expired requests (despite the name, WordPress nonces are not strictly single-use). It says nothing about what the requesting user is permitted to do. An authenticated attacker who obtains a valid nonce therefore passes the check_admin_referer() gate and can reach the debug mode provided by the Ad Inserter plugin. From there the attacker can trigger the debugging feature and, more dangerously, abuse the ad preview feature by sending a malicious payload containing arbitrary PHP code, which the plugin executes. Other vulnerable plugins have also been discovered recently.
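The mistake the researchers describe, a CSRF nonce check standing in for an authorization check, is a general WordPress pattern. The handlers below are an illustrative example written for this article, not code from Ad Inserter or Wordfence, and show the vulnerable pattern next to a hardened one. The callback names, the admin_post_* action names, the 'demo_preview' nonce action and the 'preview_code' request field are all assumed; check_admin_referer(), current_user_can(), wp_unslash(), wp_die() and add_action() are real WordPress functions. Because the article says the preview feature executes PHP by design, eval() stands in for that feature here.

```php
<?php
// Illustrative WordPress admin-post handlers (added example; not Ad Inserter's code).
// Assumed/hypothetical: the callback names, the admin_post_* action names,
// the 'demo_preview' nonce action and the 'preview_code' request field.

// Vulnerable pattern: a nonce check used as if it were an authorization check.
// check_admin_referer() only proves the request carries a nonce minted for
// this action (plus a plausible Referer), i.e. that it was not forged
// cross-site. Nonces are emitted into admin pages and scripts, so any
// logged-in user who can view such a page holds a valid one. Nothing here
// asks what the requesting user is actually allowed to do.
function demo_preview_vulnerable() {
    check_admin_referer( 'demo_preview' );          // CSRF defence only; dies on failure
    $code = (string) wp_unslash( $_POST['preview_code'] ?? '' );
    eval( $code );                                  // runs caller-supplied PHP
    exit;
}
add_action( 'admin_post_demo_preview_vuln', 'demo_preview_vulnerable' );

// Hardened pattern: keep the nonce check (CSRF) and add an explicit capability
// check (authorization). A feature that executes PHP should require at least
// what core requires to edit plugin files: 'edit_plugins', which core maps to
// do_not_allow when DISALLOW_FILE_EDIT or DISALLOW_FILE_MODS is defined, so
// those hardening constants are honoured automatically.
function demo_preview_hardened() {
    check_admin_referer( 'demo_preview' );          // CSRF defence
    if ( ! current_user_can( 'edit_plugins' ) ) {   // authorization
        wp_die( 'You are not allowed to preview PHP code.', 403 );
    }
    $code = (string) wp_unslash( $_POST['preview_code'] ?? '' );
    eval( $code );  // now reachable only by users already trusted to ship PHP on the site
    exit;
}
add_action( 'admin_post_demo_preview_safe', 'demo_preview_hardened' );
```

The two checks answer different questions and neither substitutes for the other: the nonce proves the request was issued from the site's own UI by the user it was minted for, the capability check proves that user is allowed to perform the action. The same rule applies to AJAX handlers registered on wp_ajax_* hooks, where check_ajax_referer() takes the place of check_admin_referer() and still needs a current_user_can() check beside it.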
