The Threat Intelligence team of Wordfence security firm disclosed two vulnerabilities in the Gutenberg Template Library & Redux Framework plugin on August 3, 2021, and it’s installed on over 1 million WordPress sites.
However, after detecting the vulnerabilities, the experts stated that one of the vulnerabilities enabled the users with lower permissions, like contributors, to install and to operate the arbitrary plugins, not only this they can also delete any post or page with the help of the REST API.
On the other hand, the second vulnerability enabled the threat actors to access potentially all kinds of delicate data regarding a site’s configuration. However, they noted that the Wordfence Premium users have got a firewall rule, as it will eventually help them to protect against the vulnerability that is continuously targeting the REST API.
Vulnerabilities Detected
- Description: Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion
- Affected Plugin: Gutenberg Template Library & Redux Framework
- Plugin Slug: redux-framework
- Affected Versions: <= 4.2.11
- CVE ID: CVE-2021-38312
- CVSS Score: 7.1(High)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
- Researcher/s: Ramuel Gall
- Fully Patched Version: 4.2.13
- Description: Unauthenticated Sensitive Information Disclosure
- Affected Plugin: Gutenberg Template Library & Redux Framework
- Plugin Slug: redux-framework
- Affected Versions: <= 4.2.11
- CVE ID: CVE-2021-38314
- CVSS Score: 5.3(Medium)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Researcher/s: Ramuel Gall
- Fully Patched Version: 4.2.13
After detecting the vulnerabilities the security researchers have contacted the publisher of the plugins Redux.io, and they replied to the request immediately. Soon after that, a fully patched version of the plugin, 4.2.13, has been released on August 11, 2021.
Moreover, the analysts of Gutenberg Template Library along with the Redux Framework plugin are generally allowing the site proprietors to add blocks and block templates as it will help the owners to increase the functionality of their site, and they can implement it by choosing them from a library.
To perform this procedure the owners are required to use the WordPress REST API to prepare requests to list and install possible blocks, maintain existing blocks, and many more.
These two vulnerabilities are a high-severity vulnerability that has been detected in the Gutenberg Template Library as well as in Redux Framework.
These vulnerabilities have conceded contributor-level users to install and initiate plugins and after that, they can easily delete posts and pages from a site, and the other vulnerability has been found as a lower-severity vulnerability that uncovered potentially delicate information.
The threat actors are using these vulnerabilities as tools to implement all their planned operations and attacks. Therefore, users must update to the latest version of the plugin, 4.2.14 as soon as possible, because it is fully patched and will help the users to stay safe from this kind of attack.
Follow us on Linkedin, Twitter, Facebook for daily Cybersecurity News & Updates
