3 Plugin Vulnerabilities Disclosed Yesterday

We disclosed three plugin vulnerabilities yesterday that we’d like to bring to your attention to.

Local File Inclusion Vulnerability Severity 4.2 (Medium) and Unauthorized Options Update Vulnerability Severity 4.4 (Medium) in WP Fastest Cache

Wordfence Security Researcher Panagiotis Vagenas discovered both of these vulnerabilities in the WP Fastest Cache plugin which we reported to the author yesterday. The Local File Inclusion vulnerability allows an attacker to execute code on the target web server or on a site visitor’s browser. This enables the attacker to steal or manipulate data, perform a denial of service attack or enable additional attack types such as Cross Site Scripting. Wordfence Firewall provided protection against this type of attack prior to discovery.

The Options Update vulnerability allows an attacker to access and make changes to the CDN (Content Delivery Network) options for the website. With this control an attacker can direct all requests for css files, images, videos, etc. to their site, allowing them to serve malicious content to visitors of the vulnerable site.

Local File Inclusion CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Options Update CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

What to do

If you are running the Premium version of Wordfence and have the firewall enabled you are already protected because we added protection for both vulnerabilities yesterday.

Free Wordfence users running this plugin should update the vulnerable plugin immediately. Paid Wordfence users who have the firewall disabled should also update the vulnerable plugin immediately. The author released a fix within an hour of our notifying him of this vulnerability.

Sensitive Data Exposure Vulnerability Severity 4.3 (Medium) in Caldera Forms

Wordfence Security Researcher Panagiotis Vagenas also discovered this vulnerability, which we reported to the Caldera Forms author yesterday. This vulnerability allows an attacker to gain access to potentially sensitive data that has been captured by a Caldera Form.

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What to do

If you are running the Premium version of Wordfence and have the firewall enabled you are already protected, we added a firewall rule yesterday. Free users of Wordfence and paid users who have the Wordfence firewall disabled who are running this plugin should update to the most recent version immediately. The author released a fix within hours of discovery and published a blog post about it this morning.

Did you enjoy this post? Share it!

Comments

26 Comments
  • I'm so glad you folks stay on top of this security stuff with Wordfence. I'm definitely upgrading to the premium version for next month.
    All the best.

  • And what's the third plugin?

    • Hi Cristian, there were 2 vulnerabilities in one of the plugins. A total of 3 vulnerabilities in 2 plugins.

  • Thank you for updating us. Glad we've got you...

  • So happy I use y'all. I've had the free version installed for a long while now, and never once have I been disappointed.

  • Thanks for this update Dan!

    I also was looking for the 3rd plugin Vulnerability LOL Thanks for the explanation.

    Awesome work guys!!!

  • I can't live without Wordfence Security and the guys and gals behind it. When I moved across country, my site was hacked 3 times, probably because I accessed it from an unknown computer, etc. However, I learned my lesson to always listen to what the Wordfence team puts out there. You guys (and gals) rock!

  • Yes WORDFENCE is the best. Why people hesitate to go for the Premium Wordfence option? lazyness?

  • Can you tell me the version number for the fixed version of WP Fastest Cache? I want to make sure it's updated, because I logged into my site and there was not an update for it. I don't know if it was pushed without intervention.

    • Hi JP, version 0.8.5.7 should contain fixes for both vulnerabilities.

      • Thanks, that's what I have, so they must have pushed it. Thanks for letting us know about this.

      • Hello Dan,

        so, we must download manually the plugin and update by FTP to really update WP Fastest Caché ?

        Like JP said, ther is not any upgrade on Wordpress dashboard, so we must suppose that we still have installed vulnerable version of the plugin.

        Can you Clarify please?

        PD: Thanks to Wordfence team for your work.

        • Hi David, on the plugin page in the WordPress backend you should see the version number for each plugin. It is located right below the description. If the version is 0.8.5.7 you have the most recent version of the plugin which should include fixes for both of the vulnerabilities we reported.

          • Dan, sorry but i don´t understand.. think i lost something... I explain why:

            If i have last version (0.8.5.7 ), and i last updated the plugin 21 days ago... but the vulnerability was discovered yesterday....

            How is it possible my 0.8.5.7 version already has vulnerability fix?

          • Hi David, I can't speak to the update history on your web server or how the plugin author chose to update the change log. I can say with certainty that we developed our proof of concepts on version 0.8.5.6 and they didn't work any more yesterday evening with version 0.8.5.7. It looks like version 0.8.5.8 is now available and the change log for that version makes reference to our reported vulnerabilities. I hope this helps.

          • Hey Dan, i think plugin update is really ready now.

            Five minutes ago, 0.8.5.8. version update appeared in plugin update section.

            That was the problem, seems like plugin author really didn´t update the plugin with the fix.
            (Hope it is really fixed).

            Best Regards.

          • Hi David, I am glad it is clear now. Our proof of concept for the vulnerability worked for 0.8.5.6 but not for 0.8.5.7, so I think you were fine with 0.8.5.7. It's great to have clarity in the change log for 0.8.5.8 now though. Cheers!

    • v0.8.5.8 just became available (10 mins ago from writing this)

      Changelog :

      to remove hostname from exclude rule
      to fix file cache problem
      to change the mobile user-agents
      to fix Wordfence Security report

  • Definitely my best purchased yo guys are the top of the TOP, i feel security and peaceful in your hand! Keep doing that!

  • Great job Tim and crew! Always sleep better at night with Wordfence Premium. Thanks again.

  • You Guys are like a savior man.

    Thanks
    Shubham

  • Dan -

    Add my name to the chorus of kudos. I can't believe I even thought about publishing a site without WordFence protection. Never again! Thanks for doing what you do. Guys like me sleep much better at night knowing you have our backs.

    Martin

  • You guys like a Super man :)
    Thanks again for great support!

  • Awesome! Thanks for this information.

  • You guys awesome.Really doing great job.For you guys I can sleep peacefully without any tension for my blog.If any problems occur I know you guys will take care.

  • Yet another reason to be on top of updates.