MalCare Defends Against Login/Signup Popup Privilege Escalation Vulnerability
Imagine realizing that your once-secure office building, with restricted access to only trusted personnel, is now accessible to unauthorized individuals who have the same executive privileges as you!
Now, imagine that office building to be your WordPress site… Scary, right?
This alarming scenario recently became a reality for websites that use the Login/Signup Popup plugin, which was hit by a critical privilege escalation vulnerability. Due to this vulnerability, any ordinary subscriber could promote themselves to an administrator level, gaining the authority to alter content, install potentially dangerous software, and overall, take full control of your site.
If you have the Login/Signup Popup plugin installed, scan your site immediately with MalCare!
What is the vulnerability?
Plugin information
- Vulnerable plugin versions: v2.7.1 and v2.7.2
- Patch release version: v2.7.3
About the vulnerability
Login/Signup Popup is a plugin that simplifies user registration, login, and password reset processes. It boasts extensive customizability for forms and has over 40,000 active installations.
The Login/Signup Popup plugin is vulnerable to privilege escalation due to improper usage of the import_settings() function in v2.7.1 and v2.7.2.
The import_settings() function is used to import the plugin’s admin settings. However, in the vulnerable versions, this function lacked both capability checks and nonce checks. This omission allows authenticated attackers with subscriber-level permissions to invoke the AJAX function.
Upon further investigation, it was discovered that there are no restrictions on the option names that can be updated. Crucially, this means the settings that can be modified are not confined to the plugin’s own settings. As a result, attackers can update arbitrary options by sending direct requests to the server with chosen option names and values.
WordPress site options influence a range of settings including site URLs, general settings, registration, and user roles, among others. Like any Arbitrary Options Update vulnerability, this can facilitate a full site compromise. And this can be initiated with just Subscriber-level access. Consequently, this vulnerability has been assigned a CVSS score of 8.8 (High).
For instance, an attacker can change the default registration role to administrator and enable user registration (if it wasn’t already enabled). After altering the site options, the attacker can create an administrative account on the WordPress site. Once registered and logged in, they can manipulate the site as a normal administrator would, including uploading plugins and theme files (which might be malicious ZIP files containing backdoors) and modifying posts and pages to redirect site users to malicious sites.
Nevertheless, MalCare’s dynamic Atomic Security firewall remained proactive during the entire development process. Leveraging in-depth WordPress knowledge, it automatically updated itself to defend against the Login/Signup Popup vulnerability. As a result, our users continue to benefit from uninterrupted, robust protection.
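To make the three missing controls concrete, here is an added illustration of the pattern the post describes: a settings-import AJAX handler in its insecure form next to a hardened one. This is example code written for this article, not the Login/Signup Popup plugin’s actual code; the hook name `xyz_import_settings`, the `xyz_` option prefix, and the allow-listed option names are assumed placeholders.

```php
<?php
// Added example, not the plugin's code. Hook and option names are placeholders.

// --- Insecure pattern (shown for contrast, deliberately NOT hooked) ---
// Reachable by any logged-in user, no nonce check, no capability check, and the
// option name is taken straight from the request: an arbitrary options update.
function xyz_import_settings_insecure() {
    $settings = json_decode( wp_unslash( $_POST['settings'] ?? '' ), true );
    foreach ( (array) $settings as $name => $value ) {
        update_option( $name, $value ); // writes any option, e.g. default_role
    }
    wp_send_json_success();
}

// --- Hardened form ---
function xyz_import_settings_hardened() {
    // 1. Nonce: the admin page must have embedded wp_create_nonce( 'xyz_import_settings' )
    //    in a "nonce" field; requests without it are rejected with HTTP 403.
    check_ajax_referer( 'xyz_import_settings', 'nonce' );

    // 2. Capability: only users allowed to manage site options may import settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // 3. Allow-list: only this plugin's own options can ever be written,
    //    so core options such as default_role or users_can_register are unreachable.
    $allowed = array( 'xyz_form_style', 'xyz_redirect_url', 'xyz_enable_popup' );

    $raw = json_decode( wp_unslash( $_POST['settings'] ?? '' ), true );
    if ( ! is_array( $raw ) ) {
        wp_send_json_error( array( 'message' => 'Invalid settings payload' ), 400 );
    }

    $updated = array();
    foreach ( $raw as $name => $value ) {
        if ( ! in_array( $name, $allowed, true ) ) {
            continue; // drop anything outside the plugin's namespace
        }
        // 4. Sanitize each value before storing it (booleans kept, text cleaned).
        $clean = is_bool( $value ) ? $value : sanitize_text_field( (string) $value );
        update_option( $name, $clean );
        $updated[] = $name;
    }
    wp_send_json_success( array( 'updated' => $updated ) );
}

// Only the hardened handler is registered. Using wp_ajax_ (not wp_ajax_nopriv_)
// limits it to logged-in users, but that alone is not authorization; the
// capability check above is what actually restricts it to administrators.
add_action( 'wp_ajax_xyz_import_settings', 'xyz_import_settings_hardened' );
```

The order matters: the nonce check stops cross-site requests, the capability check stops low-privilege accounts, and the allow-list bounds the blast radius even if the first two are ever bypassed. Any one of them alone would not have prevented the scenario the post describes.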
This vulnerability has now been fixed with the release of Login/Signup Popup v2.7.3 on May 28, 2024.
Who discovered this vulnerability?
The Login/Signup Popup privilege escalation vulnerability was discovered by independent security researcher 1337_Wannabe on May 17, 2024, who reported it to Wordfence’s Bug Bounty Program. Consequently, Wordfence informed Xootix, the plugin developers, on May 27, 2024, following which a patch was released on May 28, 2024.
How is your WordPress site at risk?
Your WordPress site is at risk if it runs the Login/Signup Popup plugin v2.7.1 or v2.7.2.
Imagine you’ve installed the most advanced security system in your house but accidentally left a spare key under the doormat. That’s a lot like what happened with the vulnerability in the Login/Signup Popup plugin. It’s akin to inviting trouble unwittingly.
In simple terms, an ordinary user could upgrade their access to an administrator level without your consent, effectively giving themselves full control of your digital domain.
We strongly recommend that you update the Login/Signup Popup plugin on your WordPress site immediately, at least to v2.7.3, regardless of whether you are a MalCare user or not! Doing so will safeguard your site, protect your reputation, and maintain your visitors’ trust.
How to clean your site?
If your WordPress site is compromised, here are some practical steps to recover and bolster your site’s security:
- Initiate a MalCare scan: Use MalCare to quickly eliminate any malware and fortify your site against future attacks with its Atomic Security feature.
- Update plugins and themes: Regularly check and update all your plugins and themes, particularly the User Registration plugin. Older versions might contain vulnerabilities that hackers exploit. MalCare’s dashboard alerts you about outdated plugins and themes, simplifying maintenance and enhancing site security.
- Review user roles and permissions: Assess the roles and permissions assigned to all users. Immediately revoke access if anything seems suspicious.
- Refresh WordPress salts and security keys: This process will force all users to log out and terminate active sessions, thereby enhancing your site’s security. MalCare includes this step in its cleanup routine for added convenience.
- Change login credentials: Promptly update your admin password. Ensure all user sessions are terminated, advise users to change their passwords, and encourage the use of strong, new passwords.
- Enhance login security: Implement two-factor authentication (2FA) and limit login attempts to reduce the risk of unauthorized access.
- Continuously monitor your site: MalCare handles this by continuously monitoring your site for any unusual activities, providing alerts for potential threats, and persistently scanning for malware.
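The “review user roles and permissions” step can be made concrete for this particular vulnerability, since the post names the two core options an attacker would flip (default registration role and open registration) and the artifact they would leave behind (a newly registered administrator). The following is an added audit snippet, not MalCare’s or the plugin’s code; it runs inside WordPress (for example as a one-off mu-plugin or via `wp eval-file audit.php`), and the cut-off date is an assumed placeholder to set to when the vulnerable version was installed.

```php
<?php
// Added post-incident audit example, not MalCare's or the plugin's code.
// Checks the options named in the post and lists administrators created recently.

function xyz_audit_registration_settings() {
    $findings = array();

    // default_role and users_can_register are the core options the attack path changes.
    if ( 'administrator' === get_option( 'default_role' ) ) {
        $findings[] = 'default_role is "administrator"; reset it to "subscriber" unless intended';
    }
    if ( '1' === (string) get_option( 'users_can_register' ) ) {
        $findings[] = 'users_can_register is enabled; disable it unless open registration is intended';
    }

    // Site URLs are also plain options; surface them for a manual sanity check.
    $findings[] = sprintf( 'siteurl=%s home=%s (verify these are yours)',
        get_option( 'siteurl' ), get_option( 'home' ) );

    return $findings;
}

function xyz_audit_recent_admins( $since ) {
    // Every administrator registered on or after $since needs manual verification.
    $admins = get_users( array(
        'role'    => 'administrator',
        'orderby' => 'registered',
        'order'   => 'DESC',
    ) );

    $suspicious = array();
    foreach ( $admins as $user ) {
        if ( strtotime( $user->user_registered ) >= strtotime( $since ) ) {
            $suspicious[] = sprintf( 'admin #%d "%s" registered %s',
                $user->ID, $user->user_login, $user->user_registered );
        }
    }
    return $suspicious;
}

$since = '2024-05-01'; // assumed placeholder: date the vulnerable version was installed
foreach ( array_merge( xyz_audit_registration_settings(), xyz_audit_recent_admins( $since ) ) as $line ) {
    echo $line . PHP_EOL;
}
```

A clean result from this script is not proof the site is clean (an attacker with administrator access can also install a backdoor in a plugin or theme file, as the post notes), so it complements a malware scan rather than replacing one.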
How does MalCare protect your site?
Beyond Atomic Security, MalCare ensures comprehensive security for your WordPress site with an array of essential features, such as:
- Rapid malware detection and cleanup: MalCare performs daily scans of your site, automatically identifying any malware. If malware is found, its powerful removal tool swiftly eradicates it, restoring your site’s security and health.
- Vulnerability scanning: MalCare continuously monitors your plugins and themes for potential vulnerabilities. When issues are detected, it promptly alerts you, allowing you to reinforce your site’s defenses.
- Bot protection: Understanding the detrimental effects bots can have on your site’s performance, MalCare implements robust defenses to prevent bot interference, ensuring the smooth operation of your site.
- Reliable backups: MalCare’s automated, offsite backup system prepares you for any eventuality. These backups act as a safety net, enabling quick recovery if any problems arise.
MalCare wraps your WordPress site in a protective shield, combining proactive measures with strong defenses to maintain your site’s security and integrity.