A serious XXE security vulnerability has been discovered in the WordPress platform, according to researchers. An hacker could use this bug to steal files from target sites by exploiting it. The security vulnerability has been patched in the new version of WordPress. As a result, all WordPress administrators can update to the most recent WordPress release as soon as possible.
The XXE Security Vulnerability
According to reports, the SonarSource security team discovered an XML External Entity (XXE) injection vulnerability in WordPress. By exploiting the flaw, an hacker can obtain remote access to the target site and steal data. After gaining access to the server, the hacker could easily retrieve arbitrary files or launch Server-Side Request Forgery (SSRF) attacks.
However, there were some drawbacks to exploiting CVE-2021-29447. Firstly, it was essential for the hacker to have file upload permissions on the target website, such as the author role. But, according to the researchers, an hacker can use this bug in conjunction with other bugs to carry out the attack even with lower privileges. Secondly, the target WordPress site must run on PHP 8 in order to be exploited successfully.
As a Proof of Concept, the researchers have shared the video.
Patch Released
The researchers informed the WordPress team of the flaw in WordPress 5.7 as soon as they discovered it. As a result, with the release of WordPress 5.7.1, the developers fixed the bug.
WordPress also fixed another bug in this version, a data exposure vulnerability in the REST API. They acknowledged Mikael Korpela for alerting them about this security vulnerability.
WordPress has also patched 24 other bugs in the new update, in addition to the two security updates.