Researchers: WordPress plugin bugs could let attackers take control of sites
According to a blog article from the security company Wordfence, the bugs were present in Brizy - Page Builder, a WordPress plugin installed on more than 90,000 sites. Although a patch has been released, it is likely that a number of installations will not be patched.
According to the Common Vulnerability Scoring System (CVSS), the Brizy - Page Builder bugs vary in severity from medium (6.4) to high (8.8).
WordPress plugin vulnerability
Researchers were first alerted to a potential issue when they observed unusual traffic related to the Brizy - Page Builder plugin. Although the plugin was not being actively attacked, the researchers were able to identify a set of interconnected bugs.
"[Unusual traffic] led us to discover two new vulnerabilities as well as a previously patched access control vulnerability in the plugin that had been reintroduced," explained Wordfence. "The two new vulnerabilities could take advantage of the access control vulnerability to allow a complete takeover of the site."
The nature of these vulnerabilities was that any registered user (including subscribers) could impersonate an administrator and edit articles and pages, even if they had already been published on the site.
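The flaw class described above is a missing authorization check: the code confirms that a request comes from a logged-in user but never asks whether that user may edit the post in question. The following is an added illustration written for this article, not code from Brizy or from Wordfence; the handler, action names and nonce name are hypothetical, while the WordPress functions used (add_action, is_user_logged_in, check_ajax_referer, absint, current_user_can, wp_update_post, wp_kses_post, wp_send_json_*) are the real ones.

```php
<?php
// Added illustration (not Brizy's code): a hypothetical AJAX handler that updates
// a post on behalf of a logged-in user. The "wp_ajax_{action}" hook only fires for
// authenticated users, so a subscriber account reaches this code just as an
// administrator does.

// Weak version: "logged in" is treated as "allowed to edit".
add_action('wp_ajax_demo_save_post', 'demo_save_post_weak');
function demo_save_post_weak() {
    if (!is_user_logged_in()) {            // true for every registered user, subscribers included
        wp_send_json_error('login required', 401);
    }
    $post_id = (int) ($_POST['post_id'] ?? 0);
    // No capability check: any subscriber can rewrite any post, published or not.
    wp_update_post([
        'ID'           => $post_id,
        'post_content' => wp_kses_post($_POST['content'] ?? ''),
    ]);
    wp_send_json_success();
}

// Hardened version: verify the request nonce, then ask WordPress whether THIS user
// may edit THIS post. The edit_post meta capability already accounts for post
// status and ownership (editing another user's published post requires
// edit_others_posts and edit_published_posts), so a subscriber is rejected
// before any write happens.
add_action('wp_ajax_demo_save_post_hardened', 'demo_save_post_hardened');
function demo_save_post_hardened() {
    check_ajax_referer('demo_save_post', 'nonce');   // terminates with 403 on a missing or invalid nonce

    $post_id = absint($_POST['post_id'] ?? 0);
    if ($post_id === 0 || !current_user_can('edit_post', $post_id)) {
        wp_send_json_error('forbidden', 403);       // wp_send_json_error() exits after sending
    }

    $result = wp_update_post([
        'ID'           => $post_id,
        'post_content' => wp_kses_post($_POST['content'] ?? ''),
    ], true);                                      // true: return WP_Error instead of 0 on failure
    if (is_wp_error($result)) {
        wp_send_json_error($result->get_error_message(), 500);
    }
    wp_send_json_success(['post_id' => $post_id]);
}
```

The capability check is the part that matters: the nonce only proves the request came from the plugin's own page, not that the user is entitled to the action. Low-privileged accounts receiving 403 responses from such handlers is also the kind of traffic pattern worth alerting on, since unusual plugin traffic is what led to the discovery reported here.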
The problems were identified by Wordfence in early June. After a thorough investigation, researchers informed the vendor of the vulnerabilities in mid-August, and a full patch was released about a week later.
To protect against attacks, WordPress users are advised to update immediately to the latest version of the Brizy - Page Builder plugin (version 2.3.17).