wpCentral plugin vulnerability allows attackers to gain admin control
Wordfence reported today that on February 13 they found a vulnerability in the WordPress plugin wpCentral, installed on over 60,000 sites, that allows an attacker to register as a subscriber and then gain administrator access.
wpCentral is a plugin that works with the wpCentral management dashboard and lets you manage several WordPress websites from a single panel without logging in to each one separately. To do this, the plugin creates a 128 character authorization key stored under wpcentral_auth_key, and this key is what the attackers use to gain access to the website.
In a video, Wordfence showed how an attacker could take control of the website in these simple steps:
- The attacker registers as a subscriber on the website
- The attacker logs in
- Once logged in, the attacker views the page source and searches for the wpCentral connection key
- Copies the connection key
- Logs out of the account
- Sends an AJAX request to the website with the connection key copied from the page source
- Voilà! The attacker is now logged in as administrator
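As an added illustration (not wpCentral's own code, and not necessarily how the plugin's actual fix was written), the following hypothetical WordPress plugin fragment shows the class of flaw the steps above rely on next to a hardened version. The option name wpcentral_auth_key comes from the article; the hook names, function names, the AJAX action name and the rotation helper are assumptions.

```php
<?php
// Added example, not code from wpCentral. It shows (a) the weak pattern the
// article's steps depend on and (b) a hardened equivalent.
// Assumed: the key lives in the WordPress option 'wpcentral_auth_key'; all
// function names, hook handles and the AJAX action name are hypothetical.

/* ---------- (a) Weak pattern: key visible to any logged-in user ---------- */

// Printing the key into every page for every logged-in user means a freshly
// registered subscriber can read it straight out of the page source.
function weak_print_key() {
    $key = get_option( 'wpcentral_auth_key' );
    echo '<script>var connKey = "' . esc_js( $key ) . '";</script>';
}
// add_action( 'wp_footer', 'weak_print_key' ); // intentionally not hooked

// Accepting the key from a logged-out caller and turning it into an admin
// login is the second half of the problem.
function weak_remote_login() {
    if ( isset( $_POST['conn_key'] ) && $_POST['conn_key'] === get_option( 'wpcentral_auth_key' ) ) {
        $admins = get_users( array( 'role' => 'administrator', 'number' => 1 ) );
        wp_set_current_user( $admins[0]->ID );
        wp_set_auth_cookie( $admins[0]->ID );      // caller's browser is now admin
    }
}
// add_action( 'wp_ajax_nopriv_weak_remote', 'weak_remote_login' ); // not hooked

/* ---------- (b) Hardened pattern ---------- */

// 1. Only emit the key on admin screens, and only for users who can already
//    manage the site; never in the public page source.
function hardened_print_key() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $key = get_option( 'wpcentral_auth_key' );
    echo '<script>var connKey = "' . esc_js( $key ) . '";</script>';
}
add_action( 'admin_footer', 'hardened_print_key' );

// 2. Never convert "knows the key" into "is logged in as admin". Verify the
//    key with a constant-time comparison, perform only the specific remote
//    management action that was requested, and set no auth cookie.
function hardened_remote_action() {
    $stored = (string) get_option( 'wpcentral_auth_key', '' );
    $given  = isset( $_POST['conn_key'] ) ? (string) wp_unslash( $_POST['conn_key'] ) : '';

    if ( '' === $stored || ! hash_equals( $stored, $given ) ) {
        wp_send_json_error( 'invalid connection key', 403 );
    }
    // ... run the requested, narrowly scoped management task server-side ...
    wp_send_json_success( 'ok' );
}
add_action( 'wp_ajax_nopriv_hardened_remote', 'hardened_remote_action' );
add_action( 'wp_ajax_hardened_remote', 'hardened_remote_action' );

// 3. Hypothetical rotation helper: a key that may already have been read from
//    a page source should be replaced, not just better hidden.
function rotate_connection_key() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return false;
    }
    update_option( 'wpcentral_auth_key', wp_generate_password( 128, true, true ) );
    return true;
}
```

The two hardening points map directly onto the attack steps: the capability check removes the key from what a subscriber can see, and refusing to issue an auth cookie means that even a leaked key cannot be exchanged for an administrator session from a logged-out AJAX call.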
And yes, this is the “manual” procedure, but attackers will script it, so if you are using this plugin, update it immediately to the latest version, 1.5.2.