WPML WP Plugin Vulnerability Risked Over 1 Million WordPress Websites


WordPress administrators who run the WPML plugin need to update their websites again. Researchers have found a critical vulnerability in the plugin that allows remote code execution attacks.

WPML WP Plugin Vulnerability Allowed Remote Code Execution

A security researcher with the alias ‘stealthcopter’ discovered a critical vulnerability in the WPML WordPress plugin.

As explained in his blog post, the vulnerability could allow an authenticated third-party adversary to execute malicious code on the target website.

The problem lies in the “handling of shortcodes within the plugin”. Because shortcode content is not properly sanitized before being rendered through Twig templates, server-side template injection (SSTI) becomes possible. An adversary with authenticated access to the target site can therefore inject malicious code.

The researcher responsibly disclosed the vulnerability through Wordfence’s bug bounty program. According to the Wordfence advisory, the vulnerability, identified as CVE-2024-6386, received a critical severity rating with a CVSS score of 9.9. The advisory describes the flaw as follows:

The WPML plugin for WordPress is vulnerable to remote code execution in all versions through 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and cleanup of the render function. This allows authenticated attackers, with Contributor level access or higher, to execute code on the server.

The researcher presented a PoC for the vulnerability in his blog post. He also emphasized the need for developers to ensure proper sanitization and validation of user input, especially when rendering content dynamically.
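The two paragraphs above describe the bug (shortcode content compiled by Twig) and the remedy (validate and sanitize user input before rendering). The following PHP is an added example written for this article, not WPML’s code or the researcher’s PoC. It shows a hypothetical shortcode attribute rendered two ways: the unsafe way, where the attribute becomes part of the Twig template source, and the hardened way, where the template is fixed and the attribute is passed as data. It assumes Twig is installed via Composer (`composer require twig/twig`) so that `vendor/autoload.php` exists; the function and template names are made up for the example.

```php
<?php
// Added example (not WPML's code): unsafe versus safe rendering of a
// shortcode attribute through Twig. Assumes Twig is installed via Composer.
require_once __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// Fixed template: the only thing Twig ever compiles. User data reaches it
// through the {{ text }} variable, never as part of the template source.
const SAFE_TEMPLATE = '<span class="demo">{{ text }}</span>';

function make_twig(): Environment
{
    return new Environment(
        new ArrayLoader(['demo.twig' => SAFE_TEMPLATE]),
        ['autoescape' => 'html'] // output is HTML-escaped unless marked raw
    );
}

// VULNERABLE pattern (the shape of an SSTI bug): the attribute value is
// spliced into the template source, so Twig parses and evaluates any
// {{ ... }} or {% ... %} syntax the user put into it.
function render_unsafe(string $attr): string
{
    $twig = make_twig();
    $source = '<span class="demo">' . $attr . '</span>';
    return $twig->createTemplate($source)->render();
}

// HARDENED pattern: the template is fixed, the attribute is plain data.
// Twig treats the value as a string, and autoescape handles HTML characters.
function render_safe(string $attr): string
{
    $twig = make_twig();
    return $twig->render('demo.twig', ['text' => $attr]);
}

// Constructed attribute value containing template syntax and HTML. A
// harmless arithmetic expression is enough to tell the two behaviours apart.
$attr = '{{ 7 * 7 }} <b>hi</b>';

echo 'unsafe: ' . render_unsafe($attr) . PHP_EOL;
echo 'safe:   ' . render_safe($attr) . PHP_EOL;
```

Running it, `render_unsafe` evaluates the arithmetic and emits the `<b>` tag unescaped, while `render_safe` prints the braces literally and escapes the HTML. In a real plugin `render_safe` is the function a shortcode callback registered with `add_shortcode()` would call, after `shortcode_atts()` has applied defaults; the rule to enforce in review is that user-controlled strings are only ever passed in the context array, never concatenated into the string handed to `createTemplate()`.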

Patch implemented

Following the researcher’s bug report, Wordfence worked with the plugin developers to fix the vulnerability. The bug, which affected all plugin versions up to 4.6.12, was patched in WPML 4.6.13 and WooCommerce Multilingual 5.3.7.


Besides coordinating a quick fix with the developers, Wordfence also rewarded the researcher with a $1,639 bounty for the bug report.

WPML is a dedicated WooCommerce plugin that provides multi-language and multi-currency support for websites. It currently boasts more than 100,000 active installations, which shows how many websites are potentially exposed when a plugin has a vulnerability. It is therefore crucial for all WordPress administrators using this plugin to update their sites to the latest plugin release.

Let us know your thoughts in the comments.
