Home » News » Researchers discovered a backdoor in Slick Popup WordPress-plugin

Researchers discovered a backdoor in Slick Popup WordPress-plugin

Experts from Defiant company discovered a problem in WordPress-plugin Slick Popup, from which attackers can get into vulnerable websites and create backdoor-accounts. Issue affects all plugins’ versions, including the newest 1.7.1.

Plugin Slick Popup accounts about 7000 installations and was developed by Om Ak Solutions. Slick Popup created for working in conjunction with other popular WordPress solution – Contact Form 7.

Defiant researchers noted that in Slick Popup present dangerous functionality that in case of turning to technical support allows the user of the plugin to provide access to Om Ak Solutions specialists.

The problem is that for this purpose used special account with the same credentials for all installations: Slickpopupteam/OmakPass13 #.

Experts fear that attackers can easily compile lists of all sites using Slick Popup, and then check if there are special accounts for technical support.

Using this access, the attackers will be able to create other accounts themselves, leaving a backdoor on the site. In addition,level of access of an attacking user is unimportant, even simple “Subscriber” can create a backdoor.

“Attackers with at least Subscriber access to an affected site can create this user on their own. Since the AJAX action used to generate this user doesn’t contain any capabilities checks, it can be accessed by any logged-in user. This, combined with the hard-coded credentials in the plugin, means any user with an account can grant themselves administrative access and take over a site”, — reported in Defiant.

Currently, Om Ak Solutions developers have prepared a patch for the paid version of the plug-in only, while the free version is still vulnerable (although it is temporarily unavailable for download).

READ  Ransomware MegaCortex attacks companies in Europe and North America

As a result, Defiant experts strongly recommend that users should temporarily disable or remove Slick Popup altogether. However, there is a third option: deactivate access function for technical support (action_splite_support_access AJAX), thereby limiting the creation of new accounts. However, researchers warn that this will not help to eliminate already existing backdoor account.

Source: https://www.wordfence.com/blog

[Total: 1    Average: 3/5]

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

ERosary smart rosary vulnerabilities

Researchers found vulnerabilities in eRosary smart rosaries from Vatican developers

Researchers found vulnerabilities in the eRosary smart rosary, which the Vatican developers had previously introduced. …

KRACK for Amazon Echo and Kindle

KRACK Vulnerability Threats Millions of Amazon Echo and Kindle Devices

Millions of 1st generation Amazon Echo smartphones and 8th generation Amazon Kindle e-books have been …

Leave a Reply