A security advisory was issued for two vulnerabilities affecting the Seraphinite Accelerator WordPress plugin, which is installed on over 60,000 websites. Both vulnerabilities can be exploited by any logged-in user with Subscriber-level access or higher.

The Seraphinite Accelerator flaws allow authenticated attackers to retrieve internal operational data from a website and to clear the plugin's logs without authorization. Both issues affect all versions of the plugin up to and including 2.28.14; version 2.28.15 contains the fix.

What The Plugin Does

Seraphinite Accelerator is a performance plugin used to speed up WordPress sites. The main function is creating cached versions of pages so the server does not need to generate them every time someone visits the site. The plugin also supports multiple compression formats including GZip, Deflate, and Brotli, enables browser caching and separates cached data for different devices and environments in order to reduce server load.

Who Can Exploit The Vulnerability

Exploitation requires authentication, but only at the Subscriber level, the default role WordPress assigns to anyone who registers on a site with open registration. Attackers therefore do not need administrator access: a basic user account is enough to call the vulnerable functions.

What The Security Failure Is

The vulnerability exists because the plugin does not check the caller's capability before running specific API functions. The plugin registers an AJAX action named seraph_accel_api (reached through WordPress's admin-ajax.php) that dispatches on an fn parameter. One of the functions reachable through that action is fn=GetData, which is handled internally by OnAdminApi_GetData().

According to the advisory:

“The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks.

This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state.”

In a second advisory for a similar vulnerability, Wordfence warns of modifications that attackers could make on a website:

“The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin’s debug/operational logs.”

In WordPress, capability checks (current_user_can()) confirm that a user has permission to perform an administrative action. Plugins typically require the manage_options capability for functions that expose internal system data or change plugin state. The check has to live inside the handler: the wp_ajax_{action} hook runs the handler for any logged-in user regardless of role, and a nonce check only protects against CSRF, not against an authorized-but-low-privileged caller.
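The following is an added illustration, not Seraphinite Accelerator's code and not a reconstruction of it: a minimal WordPress AJAX dispatcher written in the vulnerable shape the two advisories describe, beside a hardened version. Only the action name seraph_accel_api and the fn values GetData and LogClear come from the advisories; every function, option and nonce name below is assumed for the example.

```php
<?php
// Added example (not the plugin's code). Shows the missing-capability-check
// pattern from the advisory and its hardened counterpart. Names marked
// "assumed" are invented for illustration.

// fn values the dispatcher accepts (from the advisory).
const EXAMPLE_ALLOWED_FN = array( 'GetData', 'LogClear' );

// Assumed helper: the kind of "operational data" an accelerator plugin holds.
function example_collect_data() {
    return array(
        'cache_enabled' => (bool) get_option( 'example_cache_enabled', false ), // assumed option
        'next_refresh'  => wp_next_scheduled( 'example_cache_refresh' ),        // assumed cron hook
    );
}

// Assumed helper: wipe the plugin's debug log stored in an option.
function example_clear_log() {
    delete_option( 'example_api_log' ); // assumed option
}

// --- Vulnerable shape: authentication only --------------------------------
// WordPress fires wp_ajax_{action} for ANY logged-in user, Subscriber included.
// The hook proves the caller has a session, nothing more. Dispatching on `fn`
// without a capability check hands every branch to a Subscriber.
function example_api_dispatch_vulnerable() {
    $fn = isset( $_REQUEST['fn'] ) ? (string) $_REQUEST['fn'] : '';
    if ( ! in_array( $fn, EXAMPLE_ALLOWED_FN, true ) ) {
        wp_send_json_error( array( 'message' => 'unknown fn' ), 400 ); // exits
    }
    if ( 'GetData' === $fn ) {
        wp_send_json_success( example_collect_data() ); // exits
    }
    example_clear_log();          // fn === 'LogClear'
    wp_send_json_success();       // exits
}

// --- Hardened shape: authorize first, then CSRF, then dispatch ------------
function example_api_dispatch_hardened() {
    // 1. Authorization. manage_options is the usual bar for plugin internals.
    //    wp_send_json_error() calls wp_die(), so nothing below runs on failure.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 2. CSRF. The client sends a nonce created with
    //    wp_create_nonce( 'example_seraph_api' ) in a `nonce` parameter.
    //    This is NOT a substitute for step 1: any logged-in user can mint a
    //    nonce for their own session, so a nonce alone never proves privilege.
    check_ajax_referer( 'example_seraph_api', 'nonce' ); // dies on failure

    // 3. Strict dispatch on an allow-list; no other fn is reachable.
    $fn = isset( $_REQUEST['fn'] ) ? (string) $_REQUEST['fn'] : '';
    if ( ! in_array( $fn, EXAMPLE_ALLOWED_FN, true ) ) {
        wp_send_json_error( array( 'message' => 'unknown fn' ), 400 );
    }
    if ( 'GetData' === $fn ) {
        wp_send_json_success( example_collect_data() );
    }
    example_clear_log();
    wp_send_json_success();
}

// Register only the hardened handler, and only for logged-in users: there is
// deliberately no wp_ajax_nopriv_ registration, so unauthenticated requests
// never reach the dispatcher at all.
add_action( 'wp_ajax_seraph_accel_api', 'example_api_dispatch_hardened' );
```

To confirm a site is no longer exposed after upgrading, log in with a Subscriber account and request admin-ajax.php with action=seraph_accel_api and fn=GetData (and again with fn=LogClear). A patched site must answer with an error rather than cache or scheduler data, and the log must remain intact afterwards. Sites that allow open registration should treat the Subscriber role as untrusted when reviewing any other plugin's AJAX handlers the same way.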

Because this check was missing, the plugin allowed…



Last Update: March 4, 2026