Due to a vulnerability in Real-Time Find and Replace, one of WordPress’s popular plugins, over 100,000 sites that installed this plugin became exposed to malicious attacks. The flaw in the plugin is stated to be fixed in the upcoming version 4.0.2.
It has been discovered that a plugin installed and used on more than 100,000 sites on the popular blogging and personal publishing platform WordPress can cause serious problems. The vulnerability in the popular plugin called Real-Time Find and Replace enables malicious tampering with pages. Malicious code can be injected into the affected site through the technique called Cross-Site Request Forgery (CSRF).
What causes the vulnerability?
The Real-Time Find and Replace plugin allows administrators to dynamically replace any HTML content in WordPress with new content before a page reaches the user’s browser, without having to keep editing the source content. As a result, whenever a visitor loads a site with its original content, any replacement code or content is served and executed in the visitor’s browser instead.
‘far_options_page’, one of the main functions behind this feature, does not perform nonce (one-time token) verification, so the origin of a request is not validated whenever the find-and-replace rules are updated; this is what causes the CSRF vulnerability. In a CSRF attack, a web application receives a malicious request that appears to come from an already authenticated user. In this case, user interaction is needed to exploit the vulnerability: it is enough to get an administrator to follow a malicious link placed in an e-mail or in comments.
On the other hand, upgrading the Real-Time Find and Replace plugin to its latest version, 4.0.2, is stated to solve the problem. The new version adds nonce verification.
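As an added illustration (not the plugin’s own code), here is a simplified WordPress settings handler showing the pattern the article describes: a rules-saving page with no nonce check beside the same page guarded by wp_nonce_field() and check_admin_referer(). The example_* function, action and option names are hypothetical.

```php
<?php
// Added illustration, not the plugin's code: a minimal WordPress settings
// page that stores "find -> replace" rules. Names prefixed example_ are hypothetical.

// BEFORE: the handler accepts any POST it receives. A request forged by another
// site and sent from a logged-in administrator's browser silently updates the rules.
function example_rules_page_vulnerable() {
    if ( isset( $_POST['rules'] ) ) {
        update_option( 'example_far_rules', wp_unslash( $_POST['rules'] ) );
    }
    example_render_rules_form();
}

// AFTER: capability check plus nonce verification. check_admin_referer() stops
// with a 403 when the nonce is missing or invalid, so a cross-site request
// (which cannot know the per-user nonce) is rejected before anything is saved.
function example_rules_page_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    if ( isset( $_POST['rules'] ) ) {
        check_admin_referer( 'example_far_save_rules', 'example_far_nonce' );
        $rules = array();
        foreach ( (array) wp_unslash( $_POST['rules'] ) as $rule ) {
            // Replacement HTML is intentionally stored verbatim: the feature's
            // purpose is to let administrators inject arbitrary markup.
            $rules[] = array(
                'find'    => sanitize_text_field( $rule['find'] ?? '' ),
                'replace' => (string) ( $rule['replace'] ?? '' ),
            );
        }
        update_option( 'example_far_rules', $rules );
    }
    example_render_rules_form();
}

function example_render_rules_form() {
    echo '<form method="post">';
    // Emits a hidden field named example_far_nonce bound to the action above.
    wp_nonce_field( 'example_far_save_rules', 'example_far_nonce' );
    echo '<input type="text" name="rules[0][find]">';
    echo '<input type="text" name="rules[0][replace]">';
    submit_button( 'Save rules' );
    echo '</form>';
}

add_action( 'admin_menu', function () {
    add_options_page( 'Find & Replace', 'Find & Replace', 'manage_options',
        'example-far', 'example_rules_page_fixed' );
} );
```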