MalCare Blocks Critical Privilege Escalation Vulnerability in Post Grid and Gutenberg Blocks Plugin


On August 14th, 2024, a major security flaw was discovered in the widely used Post Grid and Gutenberg Blocks plugin, specifically in versions 2.2.87 to 2.2.90.

In this article, we will walk you through the details, its severity, and most importantly, what you need to do to secure your website.

But first, scan your site immediately if it uses this plugin!

What is the vulnerability?

Post Grid and Gutenberg Blocks plugin

The Post Grid and Gutenberg Blocks plugin helps enhance WordPress’s native block editor, Gutenberg, by providing additional functionality like forms for surveys, comments, and user profile editing.

However, versions 2.2.87 to 2.2.90 have a severe vulnerability that can allow a subscriber-level user to elevate their privileges to an administrator.

In simple terms, someone with minimal access could gain full control of your website without your knowledge. This is known as privilege escalation.

Should you be worried?

This vulnerability has been assigned a CVSS score of 8.8 (High), which means it’s severe. An attacker gaining administrator access can do anything from installing malicious plugins to deleting your site. With over 40,000 active installations of this plugin, many sites could be at risk.

Imagine giving the keys to your house to a stranger. That’s how risky this vulnerability is for your website.

MalCare protection

If you are a MalCare user, here’s how MalCare has protected your site:

1. You’ve been informed: We sent notifications to all sites using the vulnerable plugin.

2. Your site is proactively protected from all attacks: Our intelligent Atomic Security firewall has proactively blocked any attempt to exploit this vulnerability.

Atomic Security has improved WordPress security by protecting weak spots that are often attacked. This way, even new threats are blocked automatically, without needing any user action.

What should you do next?

1. Update your plugin: PickPlugins, the developers of Post Grid and Gutenberg Blocks, have released a patched version (v2.2.91). Update your plugin immediately.

2. Check for compromise:

  • User roles: Go to your WordPress dashboard and check the list of users. Look for any suspicious accounts, particularly those with admin privileges.
  • Unusual activity: Review recent activities on your site for anything unusual like new and unfamiliar plugins or themes. MalCare’s Activity Log helps make this process convenient.

3. Actions to take if compromised:

  • Scan your site: Use MalCare to scan your site thoroughly and remove all infections. Hackers may have installed malware or added backdoors to your site. MalCare can remove all such instances in one click.
  • Revert suspicious changes: Audit the accounts on your site and remove any newly elevated admin accounts that you didn’t authorize.
  • Change passwords: Immediately change the passwords of all admin accounts. Advise your users to do the same. Create strong passwords that are not easily guessable.

Technical details of the vulnerability

Here’s a deeper dive for those technically inclined:

  • Issue: The function form_wrap_process_userProfileUpdate() did not restrict which user meta keys and values a request could update. Any authenticated user could write arbitrary user meta on their own account, including the pivotal wp_capabilities key, enabling them to become an administrator.
  • Root cause: The plugin lacked checks on the user meta keys or values obtained from the user_meta parameter, making it possible to supply any key/value combination, including wp_capabilities[administrator]=1.
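The fix for this class of bug is to never pass request-supplied meta keys straight to update_user_meta(). The handler below is an added illustration of that allowlist pattern, not the plugin's own code or its patch; the function names (example_profile_allowed_meta, example_filter_profile_meta, example_handle_profile_update) and the nonce action name are hypothetical.

```php
<?php
// Added illustration, not PickPlugins code: a profile-update handler that
// writes only an explicit allowlist of user meta keys. Names are hypothetical.

// Keys a profile form may write. Anything else, including the capability
// and user-level keys, is never written.
function example_profile_allowed_meta() {
    return array( 'first_name', 'last_name', 'description', 'nickname' );
}

// Returns the subset of $submitted that is safe to store, or a WP_Error
// when the request carries a protected key and must be refused outright.
function example_filter_profile_meta( $submitted ) {
    global $wpdb;
    $allowed = example_profile_allowed_meta();
    $clean   = array();

    foreach ( (array) $submitted as $key => $value ) {
        $key = sanitize_key( $key );
        // Role/capability storage keys are never legitimate form input.
        if ( $key === $wpdb->prefix . 'capabilities' || $key === $wpdb->prefix . 'user_level' ) {
            return new WP_Error( 'forbidden_meta', 'Protected user meta key rejected.' );
        }
        if ( ! in_array( $key, $allowed, true ) ) {
            continue; // drop unknown keys instead of passing them through
        }
        $clean[ $key ] = sanitize_text_field( wp_unslash( $value ) );
    }
    return $clean;
}

// AJAX handler: requires a logged-in user and a valid nonce, edits only the
// caller's own account, and writes just the allowlisted keys.
function example_handle_profile_update() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'Not logged in.', 401 );
    }
    check_ajax_referer( 'example_profile_update', 'nonce' );

    $meta = example_filter_profile_meta( isset( $_POST['user_meta'] ) ? $_POST['user_meta'] : array() );
    if ( is_wp_error( $meta ) ) {
        wp_send_json_error( $meta->get_error_message(), 403 );
    }
    $user_id = get_current_user_id();
    foreach ( $meta as $key => $value ) {
        update_user_meta( $user_id, $key, $value );
    }
    wp_send_json_success( array( 'updated' => array_keys( $meta ) ) );
}
add_action( 'wp_ajax_example_profile_update', 'example_handle_profile_update' );
```

Rejecting the protected keys with a 403 rather than silently dropping them also gives a firewall or activity log a clear event to alert on.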

Timeline

  • Vulnerability was discovered on August 14th, 2024, by researcher wesley (wcraft), who reported it through Wordfence’s Bug Bounty Program.
  • Wordfence notified PickPlugins, the plugin creators, on August 28th, 2024.
  • PickPlugins released a patch on September 5th, 2024, with version 2.2.91.

How MalCare’s protection works

MalCare’s Atomic Security firewall proactively blocks such vulnerabilities. Our firewall uses a signal-based approach to identifying vulnerabilities, instead of a sample-based one, and smartly prevents any attempts to exploit similar vulnerabilities. It doesn’t wait for an alarm to react but notices suspicious behavior and stops it in its tracks. This AI-powered approach is crucial in today’s fast-evolving threat landscape.

General advice on protection

1. Keep everything updated: Always use the latest versions of plugins, themes, and WordPress core.

2. Backup regularly: Regular backups ensure you can quickly restore your site if compromised. MalCare takes backups regularly without requiring any intervention from you.

3. Use security plugins: Use comprehensive security solutions like MalCare to monitor and protect your site around the clock.

4. Strong passwords: Ensure all user accounts have strong, unique passwords.

5. Login protection: Implement login security measures like 2FA, CAPTCHA, and login limits to prevent brute-force attacks on your site.

By staying informed and taking proactive steps, you can keep your WordPress site secure from vulnerabilities like this one.
