miniOrange Setup: Remove these WordPress plugins if you don't expect hackers to visit

Why did a major developer of web add-ons suddenly decide to "forget" about their products?

Cybersecurity experts from Wordfence recently discovered a serious threat to WordPress sites that use the Malware Scanner and Web Application Firewall plugins from miniOrange. Because of a critical vulnerability, tracked as CVE-2024-2172 and rated 9.8 on the CVSS scale, and the official end of support for both plugins, site owners are advised to remove these extensions immediately.

The vulnerability affects Malware Scanner versions up to and including 4.7.2 and Web Application Firewall versions up to and including 2.1.1. Instead of fixing vulnerabilities, the developer decided to stop supporting these products, which was officially announced on the plugin pages on March 7 this year. Malware Scanner has more than 10,000 active installations, while Web Application Firewall is used on more than 300 sites.

The vulnerability allows attackers to escalate their privileges to the site administrator level without authorization by changing a user's password. A missing permission check in the mo_wpns_init() function opens the way for attackers to take full control of the target site.

After gaining administrative access, attackers can upload malicious files and change posts and pages, which often leads to visitors being redirected to fraudulent resources or to spam being injected into the site.

It is noteworthy that Wordfence experts recently discovered a similar vulnerability in another plugin, RegistrationMagic from Metagauss. The issue, identified as CVE-2024-1991 and rated critical with 8.8 points, allows registered users to escalate their privileges to the site administrator level. The vulnerability affects all versions of the plugin up to 5.3.1.0, where it was fixed on March 11 this year.

Users are strongly encouraged to keep an eye on plugin security updates and regularly check their sites for vulnerabilities to prevent possible attacks.
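To check a site for the two miniOrange plugins named above, the following added example (not from Wordfence or miniOrange) reads the plugin headers under `wp-content/plugins` and flags versions inside the stated ranges. Matching on the name fragments and on "miniOrange" in the header is an assumption, since the article gives neither plugin slugs nor exact header values.

```python
import re
import sys
from pathlib import Path

# Inclusive upper bounds of the affected ranges, as stated in the article.
# The name fragments used for matching are assumptions, not confirmed header values.
AFFECTED = {
    "malware scanner": (4, 7, 2),
    "web application firewall": (2, 1, 1),
}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version|Author):[ \t]*(.+)$", re.I | re.M)


def parse_version(text):
    """'4.7.2' -> (4, 7, 2); trailing zeros are dropped so 2.1.1.0 == 2.1.1."""
    parts = [int(p) if p.isdigit() else 0 for p in text.strip().split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def read_header(php_file):
    """Return the first Plugin Name / Version / Author found in the file's first 8 KiB."""
    fields = {}
    for key, value in HEADER.findall(php_file.read_text(errors="replace")[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields


def scan(plugins_dir):
    """List (folder, name, version, in_affected_range) for matching miniOrange plugins."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        h = read_header(php_file)
        name = h.get("plugin name", "")
        if "miniorange" not in (name + " " + h.get("author", "")).lower():
            continue
        for fragment, last_affected in AFFECTED.items():
            if fragment in name.lower():
                version = h.get("version", "0")  # a missing version counts as affected
                hit = parse_version(version) <= last_affected
                findings.append((php_file.parent.name, name, version, hit))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for folder, name, version, hit in scan(root):
        status = "AFFECTED RANGE" if hit else "outside stated range, still unsupported"
        print(f"{folder}: {name} {version} -> {status}; remove")
```

Run it with the path to the plugins directory as the only argument; any match is a removal candidate because support for both plugins has ended.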
 