
WordPress, new plugin flaws: this time it’s up to wpDataTables Lite

Another set of WordPress plugin flaws has been discovered: wpDataTables Lite has two vulnerabilities caused by insufficient sanitization of user-supplied data, one enabling cross-site scripting (XSS) and the other SQL injection. The vendor has issued an update that fixes both.

New threats to WordPress via vulnerabilities in plugins, and this time it is up to wpDataTables Lite. According to Cyber Security Help, the plugin has two flaws, both rooted in insufficient sanitization of user-supplied data: one enables cross-site scripting (XSS), the other SQL injection. In the first case, the disclosed vulnerability allows a remote attacker to carry out a reflected XSS attack: the victim is tricked into following a specially crafted link, and arbitrary HTML and script code then executes in the victim's browser in the context of the vulnerable website. Successful exploitation may allow the attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks. In the second case, the flaw allows a remote authenticated user to execute arbitrary SQL queries against the database. Successful exploitation may allow the attacker to read, modify and delete data in the database and gain complete control over the application. Note the different preconditions: the SQL injection requires an account on the site, while the XSS needs no account but does need the victim to follow the attacker's link. The vendor has issued updates that resolve both problems, so site owners running wpDataTables Lite should update the plugin.
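To make the two bug classes concrete, here is an added example (written for this article, not code from wpDataTables Lite or its vendor, whose actual flaws are not public in detail here) showing the vulnerable pattern next to the hardened one for each. It is plain PHP on an in-memory SQLite database so it runs stand-alone; the table name, column names and attacker inputs are all constructed for illustration. Inside WordPress the equivalents would be esc_html()/esc_attr() for output escaping and $wpdb->prepare() for parameterized queries.

```php
<?php
// Added example, not wpDataTables Lite code: the two bug classes described above
// (reflected XSS and SQL injection from unsanitized input) in a minimal plain-PHP
// handler, each shown vulnerable and then hardened. Uses an in-memory SQLite
// database via PDO so it runs stand-alone. Inside WordPress the equivalents are
// esc_html()/esc_attr() for output and $wpdb->prepare() for queries.

declare(strict_types=1);

// Hypothetical table and column names, constructed for the example.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE table_rows (id INTEGER PRIMARY KEY, owner TEXT, payload TEXT)');
    $db->exec("INSERT INTO table_rows (owner, payload) VALUES ('alice', 'alice-private'), ('bob', 'bob-private')");
    return $db;
}

// VULNERABLE: the caller-supplied owner is concatenated straight into the SQL text,
// so a quote in the input ends the string literal and the rest is parsed as SQL.
function rowsForOwnerVulnerable(PDO $db, string $owner): array {
    $sql = "SELECT payload FROM table_rows WHERE owner = '$owner'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// HARDENED: the owner is passed as a bound parameter; whatever it contains, it is
// compared as a value and can never alter the structure of the query.
function rowsForOwnerHardened(PDO $db, string $owner): array {
    $stmt = $db->prepare('SELECT payload FROM table_rows WHERE owner = :owner');
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// VULNERABLE: a value taken from the request (e.g. a query-string parameter in a
// crafted link) is reflected into the page unescaped, so markup in it becomes DOM.
function renderTitleVulnerable(string $title): string {
    return "<h2 class=\"wpdt-title\">$title</h2>";
}

// HARDENED: escape for the HTML text context before reflecting; '<', '>', '&' and
// quotes are turned into entities and the browser renders them as literal text.
function renderTitleHardened(string $title): string {
    return '<h2 class="wpdt-title">' . htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</h2>';
}

$db = makeDb();

// Constructed attacker inputs (hypothetical, for illustration only).
$sqliInput = "bob' OR '1'='1";                              // an authenticated user asking for everyone's rows
$xssInput  = '<img src=x onerror=alert(document.cookie)>';  // delivered to the victim via a crafted link

print_r(rowsForOwnerVulnerable($db, $sqliInput)); // the OR clause is parsed as SQL and bypasses the owner filter
print_r(rowsForOwnerHardened($db, $sqliInput));   // compared as a literal owner name, so the filter holds

echo renderTitleVulnerable($xssInput), "\n"; // the <img> tag lands in the DOM and its handler runs
echo renderTitleHardened($xssInput), "\n";   // the tag is entity-encoded and shown as inert text
```

Run it with `php example.php` (PHP 7.4 or later with the pdo_sqlite extension). The point to take away is that both fixes are about where the boundary between data and code sits: parameter binding keeps user input out of the SQL parser entirely, and context-aware escaping keeps it out of the HTML parser, which is exactly what "sanitization of user-supplied data" means in the advisories quoted above.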

It is not clear at the moment whether the wpDataTables Lite vulnerabilities have been exploited by cybercriminals in the ongoing malvertising campaign against the blogging platform

At the moment it is not clear whether wpDataTables Lite has been used in the ongoing malvertising campaign against WordPress sites. What is certain is that cybercriminals are exploiting plugin vulnerabilities to launch attacks. According to cyber security experts, malicious actors inject a JavaScript payload into the front end of a victim's site. The injection is a short script that loads additional code from one or more third-party URLs, and that code runs whenever a visitor opens the compromised site. Once the third-party code executes in the visitor's browser, it performs an initial redirect to a central domain, which then redirects again to a destination chosen on the basis of a number of factors, notably the type of device the redirected user is on. Some redirects send users to illegitimate ads for pharmaceuticals and pornography, while others perform malicious activity against the user's browser or attempt to social-engineer the victim.
