Summary: A new vulnerability has been discovered in the Backup and Staging by WP Time Capsule plugin, which could allow unauthorized users to gain administrative access to affected sites.
Threat Actor: Unknown | Unknown
Victim: Websites using the Backup and Staging by WP Time Capsule plugin | Backup and Staging by WP Time Capsule plugin
Key Points:
- A vulnerability in the Backup and Staging by WP Time Capsule plugin allows unauthorized users to exploit a broken authentication mechanism and gain administrative access to affected sites.
- The flaw is due to a logical error in the plugin’s code, specifically in the wptc-cron-functions.php file.
- Attackers can bypass authentication checks and manipulate JSON-encoded POST data to elevate their privileges and log in as site administrators.
- The vulnerability was discovered by security experts at Patchstack.

Security researchers have found a new vulnerability in the Backup and Staging by WP Time Capsule plugin, affecting versions 1.22.20 and below.
The WordPress plugin, with over 20,000 active installations, facilitates website backups and update management through cloud-native file versioning systems.
However, the flaw allowed unauthorized users to exploit a broken authentication mechanism, potentially gaining administrative access to affected sites.
The vulnerability, discovered by security experts at Patchstack, stemmed from a logical error in the plugin’s code, specifically in the wptc-cron-functions.php file. By exploiting this flaw, attackers could bypass critical authentication checks, manipulating JSON-encoded POST data to elevate their privileges and effectively log in as site administrators.
“It allows any unauthenticated user to log into the site as an administrator with a single request,” Patchstack explained. “The only prerequisite is that someone has set up the plugin with a connection to the wptimecapsule.com site.”
Developer Response and Patch Implementation
This issue was reported to the plugin developers on July 3, who responded swiftly by releasing version 1.22.20 within six hours of notification to mitigate the initial vulnerability.
However, it was later noted that the initial patch was only partially effective, as the comparison method used in the fix could still be circumvented.
Subsequently, version 1.22.21 was released on July 12, incorporating a more robust security fix involving additional hash comparisons to prevent further exploitation.
According to Patchstack, the incident underscores the importance of rigorous security protocols in plugin development for WordPress and other platforms.
“We always recommend applying proper access control and authorization checks when writing a function that involves setting the authorization of a request based on user input variables,” the company wrote.
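To make the two points above concrete (a token comparison that can be circumvented, and a hardened version using hash comparison and strict input checks), here is an added example written for this summary. It is not the plugin’s code and does not reproduce the actual flaw; the stored token, the JSON field name `token`, and the request bodies are constructed assumptions. It runs with plain PHP and no WordPress installation.

```php
<?php
// Added example, not code from the WP Time Capsule plugin. It contrasts a
// loosely compared, user-controlled authorization field with a hardened check.
// STORED_TOKEN, the "token" JSON field and the request bodies are constructed.
declare(strict_types=1);

// Hypothetical secret a site would hold after connecting to a backup service.
const STORED_TOKEN = 'c0ffee1234567890abcdef';

// Weak: trusts whatever the JSON body carries and compares it with ==.
// PHP's == performs type juggling, so a JSON boolean `true` compares equal
// to any non-empty string, including the real token.
function weak_is_authorised(string $json_body): bool
{
    $data = json_decode($json_body, true);
    if (!is_array($data) || !array_key_exists('token', $data)) {
        return false;
    }
    return $data['token'] == STORED_TOKEN;   // loose comparison: bypassable
}

// Hardened: reject anything that is not a string (no juggling possible),
// hash both sides, and compare the digests in constant time.
function strong_is_authorised(string $json_body): bool
{
    $data = json_decode($json_body, true);
    if (!is_array($data) || !isset($data['token']) || !is_string($data['token'])) {
        return false;
    }
    $supplied = hash('sha256', $data['token']);
    $expected = hash('sha256', STORED_TOKEN);
    return hash_equals($expected, $supplied);   // constant-time digest comparison
}

// Constructed request bodies for the demonstration.
$cases = [
    'legitimate' => json_encode(['token' => STORED_TOKEN]),
    'juggled'    => '{"token": true}',             // boolean instead of a string
    'wrong'      => json_encode(['token' => 'not-the-token']),
];

foreach ($cases as $name => $body) {
    printf(
        "%-10s weak=%s strong=%s\n",
        $name,
        weak_is_authorised($body) ? 'allow' : 'deny',
        strong_is_authorised($body) ? 'allow' : 'deny'
    );
}
```

Running it shows the legitimate body accepted by both checks, the juggled body accepted only by the weak check, and the wrong token rejected by both. In a real WordPress plugin the token check is only one layer: any code path that grants administrative capability should additionally confirm the caller through WordPress’s own authorization functions (for example `current_user_can()`) rather than deriving the privilege level from request variables alone, which is the practice Patchstack’s recommendation describes.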
Users of the WP Time Capsule plugin are strongly advised to update to version 1.22.21 or later immediately to ensure their sites are protected.
Image credit: Primakov / Shutterstock.com
Source: https://www.infosecurity-magazine.com/news/wp-time-capsule-plugin-flaw