WordPress Theme 'Elegant' Privilege Escalation

Nash N Sulthan
Published on 29 Jun 2018

A privilege escalation attack is a vulnerability that affects the server’s underlying operating system. In this attack, the attacker tries to gain elevated access to resources that are normally protected from an application user. An application that the developer or system administrator has given full access privileges can then perform unauthorised actions.

Any version of WordPress running a vulnerable plugin may have an issue that allows authenticated users of any user level to set system options. This attack is possible because the developer did not implement validation. The vulnerability allows an attacker to create a new account with admin privileges, and such a change can have catastrophic effects on the application.

Plugins such as EasyCart allowed any user to raise their privileges from low to high by manipulating the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions, which were available at /inc/admin/admin_ajax_functions.php. Using the vulnerable plugin, the attacker could change the admin’s e-mail address to prevent the admin from getting notifications. The attacker then sets up a new administrator account using their own ID. Successful exploitation gives the attacker complete access to the web application.


Using this vulnerability, an attacker can:

  • make the site administrator lose access to the server.
  • leak sensitive information causing a data breach.
  • make changes to the data causing data manipulation.

Mitigation / Precaution
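
The missing validation described above comes down to three checks that an option-writing AJAX handler needs: a nonce, a capability check, and an allow-list of writable options. The handler below is an added example, not code from the EasyCart plugin or from this article's author; every "myplugin_" name, the nonce action and the allow-list are hypothetical, and the file is assumed to be loaded inside WordPress.

```php
<?php
// Added illustration, not the EasyCart plugin's code. Every "myplugin_" name,
// the nonce action and the option allow-list below are hypothetical.

// Options this handler may write, each mapped to its sanitiser.
// Core settings such as admin_email are deliberately not listed.
const MYPLUGIN_WRITABLE_OPTIONS = array(
    'myplugin_currency'  => 'sanitize_text_field',
    'myplugin_tax_label' => 'sanitize_text_field',
    'myplugin_page_size' => 'absint',
);

// wp_ajax_{action} runs for any logged-in user, whatever their role, so
// registering the hook is not an authorisation check in itself.
add_action( 'wp_ajax_myplugin_update_option', 'myplugin_ajax_update_option' );

function myplugin_ajax_update_option() {
    // 1. CSRF: verify the nonce issued to the settings page.
    //    check_ajax_referer() ends the request with a 403 on failure.
    check_ajax_referer( 'myplugin_update_option', 'nonce' );

    // 2. Authorisation: only users allowed to manage site options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Validation: the option name must be on the allow-list, so the
    //    request cannot reach arbitrary rows of the options table.
    $name = isset( $_POST['option_name'] )
        ? sanitize_key( wp_unslash( $_POST['option_name'] ) )
        : '';
    if ( ! array_key_exists( $name, MYPLUGIN_WRITABLE_OPTIONS ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    // Reject arrays and other non-scalar input before sanitising.
    $raw = isset( $_POST['option_value'] ) ? wp_unslash( $_POST['option_value'] ) : '';
    if ( ! is_scalar( $raw ) ) {
        wp_send_json_error( array( 'message' => 'Invalid value' ), 400 );
    }

    // Apply the sanitiser registered for this specific option, then store it.
    $value = call_user_func( MYPLUGIN_WRITABLE_OPTIONS[ $name ], $raw );
    update_option( $name, $value );

    wp_send_json_success( array( 'option' => $name ) );
}
```

wp_send_json_error() and wp_send_json_success() both end the request, so no code runs after a failed check.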


Written by Nash N Sulthan, Cyber Security Lead Engineer