Security Breach in Popular Plugin “User Role Editor” – User Can Become Admin

There is a major vulnerability in a popular plugin with over 300,000 active installs: User Role Editor 4.24 and older.

The vulnerability allows any registered user to gain administrator access. For sites that have open registration, this is a serious security hole.

If you are running User Role Editor, upgrade to the newest version which is 4.25 immediately.

Looking at a diff of the newest plugin release, the author was checking whether a user has access to edit another user by calling the ‘current_user_can’ function with the ‘edit_user’ capability (without an ‘s’ on the end) against a specific user ID. The green code below was added.

[Screenshot: diff of the User Role Editor 4.25 release, added lines shown in green]

A user can edit themselves, and so sending data to the plugin that supplies the current user’s ID to this access check would bypass the check.

The fix released in version 4.25 (new code shown in green above) checks if the current user has the ‘edit_users’ capability which is a general access check that would fix this vulnerability.

The edit_user check that was being used is undocumented on the Roles wiki page, but it is used by WordPress core (in a secure way). So if you are using this check in your plugins, it is important to realize that it can be bypassed if used as a general access level check.
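How the ‘edit_user’ and ‘edit_users’ checks differ, as an added example that is not code from User Role Editor, WordPress core or Wordfence. The required_caps() and user_can() functions are simplified models of core's meta-capability mapping (not the real map_meta_cap()/current_user_can()), and the user table is constructed:

```php
<?php
// Added example, not the plugin's code. required_caps() and user_can() are
// simplified stand-ins for WordPress core's map_meta_cap()/current_user_can();
// the $users table is constructed sample data (id => capabilities).

$users = [
    1 => ['edit_users' => true, 'read' => true], // administrator
    7 => ['read' => true],                       // subscriber
];

// Core treats 'edit_user' as a meta capability: editing your own account needs
// no primitive capability at all, editing anyone else needs 'edit_users'.
function required_caps(string $cap, int $current_id, array $args): array {
    if ($cap === 'edit_user') {
        if (isset($args[0]) && (int) $args[0] === $current_id) {
            return [];            // self-edit: nothing required, so it passes
        }
        return ['edit_users'];
    }
    return [$cap];                // primitive capabilities map to themselves
}

function user_can(int $current_id, string $cap, ...$args): bool {
    global $users;
    foreach (required_caps($cap, $current_id, $args) as $needed) {
        if (empty($users[$current_id][$needed])) {
            return false;
        }
    }
    return true;                  // an empty requirement list is satisfied
}

// Gate used by 4.24 and older: the user ID comes from the request, so the
// caller chooses which branch of the meta-capability mapping is taken.
function gate_vulnerable(int $current_id, int $user_id_from_request): bool {
    return user_can($current_id, 'edit_user', $user_id_from_request);
}

// Gate from 4.25: a general capability check with no request-controlled input.
function gate_fixed(int $current_id): bool {
    return user_can($current_id, 'edit_users');
}

$subscriber = 7;
printf("subscriber, old gate, target admin: %s\n", var_export(gate_vulnerable($subscriber, 1), true));
printf("subscriber, old gate, target self:  %s\n", var_export(gate_vulnerable($subscriber, $subscriber), true));
printf("subscriber, new gate:               %s\n", var_export(gate_fixed($subscriber), true));
printf("administrator, new gate:            %s\n", var_export(gate_fixed(1), true));
```

The second line of output is the hole: a user-supplied ID equal to the caller's own ID satisfies the old gate, while the new gate depends only on the caller's role.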

As always, please make sure that the rest of your plugins are at the newest version because we have seen several, less impactful vulnerabilities emerge during the past month.

Regards,

The Wordfence Team.

via Vulnerability in User Role Editor – Users Can Become Admins – Wordfence


Table Coding for WordPress.com users | wordpress tips

Just what I have been looking for: handy hints for coding tables in WordPress!

via Table coding for wordpress.com users | wordpress tips

Recommended: WordPress Simple Firewall Plugin

The WordPress Simple Firewall is our answer to WordPress security management.

We built it to solve a few key issues we found with WordPress security and existing WordPress security plugins, namely:

Ease of use (or lack thereof)
WordPress and web hosting compatibility (or lack thereof)
Effectiveness combined with simplicity (or lack thereof)
In this article I’ll give a bit of background to the ethos and motivations behind the WordPress Simple Firewall, and what exactly drives the development of features.

I want to answer some questions, such as why we set out to make this plugin in the first place, and where do we see the plugin going in the future, and why you might use this plugin over some of the more established alternatives.

Hopefully all these questions will be cleared up by the time you reach the end. Buckle in. 🙂

Why did we build the WordPress Simple Firewall Plugin for WordPress?

Basically it came down to being unhappy with the current state of WordPress security plugins on the market.

Let me first be clear: there is no way to fully secure your sites against all of the many different attack methods out there, and WordPress security should be only one part of your security plan. All you can do is reduce the attack surface.

The best way to understand why we built the Simple Firewall plugin is to see the principles upon which it is constructed. We found many of the pre-existing plugins didn’t meet our requirements for a security plugin, and felt we had a role to play in making WordPress security more accessible, more compatible, and above all… more secure.

What Font is That? WordPress Theme Fonts

Ever wonder what fonts a WordPress Theme like Chateau uses?

Check out this very convenient list from this amazing resource: http://wpbtips.wordpress.com/2010/09/07/theme-fonts/.