Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

News by Bradley Barth

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorised attackers to inject malicious HTML code into the main page.

WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorised attackers to inject malicious HTML code into the main page.

In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the "MP for WP – Accelerated Mobile Pages" plug-in. The software’s developers patched the issue two weeks ago in its latest release, version 0.9.97.20.

Blog author and WebARX researcher Luka Šikic explains that the flaw is "located in the ampforwp_save_steps_data which is called to save settings during the installation wizard. It’s been registered as wp_ajax_ampforwp_save_installer
ajax hook." The problem is, the plug-in allows every registered user, irrespective of account role, to call Ajax hooks.

There is no validation process to ensure that only high-privileged admins have this ability, which allows them to place ads or add custom HTML in pages’ headers or footers. The new version fixes this oversight. But websites running unpatched version of the plug-ins are in danger of having low-privilege users inject malicious HTML such as unwanted ads, mining scripts and other malware, Šikic warns.

Just this week, it was reported that the WP GDPR Compliance WordPress plug-in was patched on 7 November after a critical privilege escalation vulnerability was discovered in its wp-admin/admin-ajax.php functionality. Both this plug-in and MP for WP – Accelerated Mobile Pages have over 100,000 active installations apiece.

This song was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events