
Day: February 6, 2023

4goodhosting wordpress plugins

WordPress is a big deal around here at 4GoodHosting, and like other Canadian web hosting providers we’ve recently debuted our Managed Canadian WordPress hosting. It’s optimized for WordPress sites, and the reason it’s been worth the time and effort to put together is that WordPress powers more sites than any other platform around the world. It’s certainly come a long way from its humble beginnings as a means of putting your blog on the web. But its popularity is also based on the thousands of plugins that users have to choose from to customize their pages.

That popularity is the reason these plugins have become a target for SQL injection attacks recently, and with many of our web hosting in Canada customers having WP sites it makes sense for us to use this week’s blog entry to discuss this and make anyone who needs the info aware of the risk. A little less than 2 months ago (December 19, 2022) a critical security alert was issued for users of multiple WordPress plugins. Apparently their failure to properly verify request parameters was increasing the risk of SQL injection attacks. The assumption was that the threat was magnified even more by the fact that many people use so many plugins on their website that they may not even be able to identify whether or not they’re at risk. These types of attacks can give an attacker the ability to access sensitive information, delete or modify data, or even take control of the entire website.

Input Validation Issue

The biggest of these discovered vulnerabilities relates to the lack of proper input validation of the ‘code’ parameter in the /pmpro/v1/order REST route. The result is an unauthenticated SQL injection vulnerability, possible because the parameter was not properly escaped before being used in a SQL statement.

The next serious vulnerability was found in a plugin and relates to the lack of proper input validation of the ‘s’ parameter in the ‘edd_download_search’ action. This specifically is said to stem from the ‘edd_ajax_download_search()‘ function located...
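For site owners who want to check whether the two parameters named above have been probed, here is an added example (not part of the original post, and not code from either plugin) that triages a web access log. It assumes combined-log-format lines and WordPress's default `/wp-json/`, `?rest_route=` and `admin-ajax.php` request paths. The function names, the `SUSPICIOUS` pattern and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristic (assumption of this example): quote, comment and keyword patterns
# that a normal order code or download search term rarely contains.
SUSPICIOUS = re.compile(r"['\"()]|--|/\*|\b(union|select|sleep)\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def watched_param(url):
    """Return (label, decoded value) when url targets a parameter named in the post."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    # REST routes are reachable as /wp-json/<route> or /?rest_route=<route>.
    route = query.get("rest_route", [parts.path])[0].rstrip("/")
    if route.endswith("/pmpro/v1/order") and "code" in query:
        return "pmpro/v1/order:code", query["code"][0]
    if (parts.path.endswith("/admin-ajax.php")
            and query.get("action") == ["edd_download_search"] and "s" in query):
        return "edd_download_search:s", query["s"][0]
    return None

def flag_lines(lines):
    """Return (line number, label, value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        found = watched_param(match.group(1)) if match else None
        if found and SUSPICIOUS.search(found[1]):
            hits.append((number, *found))
    return hits

# Constructed sample access-log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Feb/2023:10:00:01 +0000] "GET /wp-json/pmpro/v1/order?code=A1B2C3D4E5 HTTP/1.1" 200 512',
    '203.0.113.9 - - [06/Feb/2023:10:00:07 +0000] "GET /wp-json/pmpro/v1/order?code=x%27%20OR%20%27a%27%3D%27a HTTP/1.1" 200 512',
    '203.0.113.5 - - [06/Feb/2023:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=edd_download_search&s=ebook HTTP/1.1" 200 90',
    '203.0.113.9 - - [06/Feb/2023:10:00:12 +0000] "GET /wp-admin/admin-ajax.php?action=edd_download_search&s=e%27-- HTTP/1.1" 200 90',
    '203.0.113.7 - - [06/Feb/2023:10:00:15 +0000] "GET /?rest_route=/pmpro/v1/order&code=ok123 HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so parameters sent in a POST body will not appear here, and a legitimate search term containing an apostrophe will be flagged and needs a manual look.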
