Redux, a well-known WordPress plugin with more than 1 million active installations, recently fixed a vulnerability. The flaw allowed an attacker to bypass the plugin's protections in a Cross-Site Request Forgery (CSRF) attack.
A Cross-Site Request Forgery (CSRF) attack is one where an attacker exploits a vulnerability in the code that lets them perform actions on a website in the name of a victim. This kind of attack abuses the credentials of an already authenticated user.
The U.S. Department of Commerce defines CSRF like this:
“A type of Web exploit where an unauthorized party causes commands to be transmitted by a trusted user of a Web site without that user’s knowledge.”
This specific attack bypassed security checks by exploiting a coding bug that caused the site to accept requests without properly validating security tokens called nonces. Nonces are supposed to protect forms and URLs from forged requests.
The WordPress developer page describes nonces:
“WordPress nonces are one-time use security tokens generated by WordPress to help protect URLs and forms from misuse.
If your theme allows users to submit data; be it in the Admin or the front-end; nonces can be used to verify a user intends to perform an action, and is instrumental in protecting against Cross-Site Request Forgery (CSRF).
The one-time use hash generated by a nonce prevents this type of forged attack from being successful by validating that the upload request is done by the current logged-in user. Nonces are unique only to the current user’s session, so if an attempt is made to log in or out, any nonces on the page become invalid.”
The flaw was in how the nonces were validated. This vulnerability was initially fixed in October 2020 but was reintroduced in a later update.
According to the WPScan security plugin site:
“The plugin did not properly validate some nonces, only checking them if their value was set. As a result, CSRF attacks could still be performed by not submitting the nonce in the request, bypassing the protection they are supposed to provide.”
WPScan and the Redux plugin's own changelog both confirm that the CSRF vulnerability has been fixed.
WPScan described the current issue:
“The plugin re-introduced a CSRF bypass issue in v4.1.22, as the nonce is only checked if present in the request.”
The Redux Plugin changelog states:
“Fixed: CSRF security issue with a flipped if conditional.”
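The two descriptions above (a nonce that is "only checked if present in the request" and a fix for "a flipped if conditional") point at the same class of bug. The following PHP is an added illustration of that pattern and of the corrected form; it is not Redux's code, and the handler names, the `example_setting` option and the `example_save_settings` nonce action are assumptions made for the example. It relies only on standard WordPress API functions (`wp_nonce_field`, `wp_verify_nonce`, `check_admin_referer`, `current_user_can`, `update_option`, `sanitize_text_field`, `wp_die`).

```php
<?php
// Added example, not Redux's code. Handler names, the option name and the
// nonce action string are assumptions; the WordPress functions are real.

// Rendering side: the form carries a nonce tied to the action name. This is the
// same in both the vulnerable and the fixed version; the bug is in the handler.
function example_render_settings_form() {
    echo '<form method="post">';
    wp_nonce_field( 'example_save_settings' );          // emits hidden _wpnonce field
    echo '<input type="text" name="value">';
    echo '<button type="submit">Save</button></form>';
}

// VULNERABLE pattern: the nonce is verified only when the request includes one.
// A forged cross-site request that simply omits the _wpnonce field skips the
// check entirely, so the capability check is the only thing left, and a
// logged-in admin's browser will pass it.
function example_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    if ( isset( $_REQUEST['_wpnonce'] ) ) {
        if ( ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'example_save_settings' ) ) {
            wp_die( 'Invalid nonce' );
        }
    }
    // State-changing work runs whether or not a nonce was ever supplied.
    update_option( 'example_setting', sanitize_text_field( $_REQUEST['value'] ?? '' ) );
}

// FIXED pattern: a missing nonce is treated exactly like an invalid one.
// wp_verify_nonce() returns false for an empty string, so reading the field
// with a default of '' and always verifying it closes the bypass.
function example_save_settings_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    $nonce = isset( $_REQUEST['_wpnonce'] ) ? (string) $_REQUEST['_wpnonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_settings' ) ) {
        wp_die( 'Invalid or missing nonce' );
    }
    update_option( 'example_setting', sanitize_text_field( $_REQUEST['value'] ?? '' ) );
}

// Equivalent shorthand for admin-page handlers: check_admin_referer() looks up
// _wpnonce itself, verifies it against the action and dies on failure, a
// missing field included, so there is no conditional to get flipped.
function example_save_settings_fixed_alt() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    check_admin_referer( 'example_save_settings' );
    update_option( 'example_setting', sanitize_text_field( $_REQUEST['value'] ?? '' ) );
}
```

When reviewing nonce handling, the thing to look for is any `isset()` or truthiness test on the nonce field that guards the `wp_verify_nonce()` call: the verification must run unconditionally on every state-changing request, and `check_admin_referer()` or `check_ajax_referer()` make that the default. Note also that a nonce check is a CSRF control, not an authorization control, so the capability check stays alongside it.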
Redux is a plugin that lets publishers browse and choose from a large number of Gutenberg blocks and templates. Blocks are sections of a page and templates are whole page designs.
With over 1,000,000 active installations, the Redux plugin is one of the most widely used WordPress plugins.
Publishers using the Redux WordPress plugin are strongly advised to update to the latest version, 4.1.24, as soon as possible.
We at CodeLedge provide Sweden’s best WordPress development services. If you are still unsure about managing your website and maintaining its security, we can help you. Feel free to talk with us at email@example.com or get a quote from here.