Vulnerability & Patch Round-up — May 2022
2022-6-1 01:50:25 Author: blog.sucuri.net(查看原文) 阅读量:92 收藏

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

We’ve compiled a list of some important security updates and vulnerability patches for the WordPress ecosystem for May, 2022.


Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes

On May 10th, important security updates were released for the Jupiter and JupiterX premium themes, as well as the JupiterX Core WordPress plugin.

These updates patch a set of vulnerabilities originally reported by WordFence’s Threat Intelligence team which include insufficient access control, local file inclusion, information disclosure, and a critical privilege escalation vulnerability that allows any website user to become an admin.

Vulnerability: Privilege Escalation

Affected Software: Jupiter Theme & JupiterX Core Plugin

Patched Versions: Jupiter Theme 6.10.2 & JupiterX Core Plugin 2.0.8

Security Risk: Critical

Exploitation Level: Easy

CVE: CVE-2022-1656

This critical vulnerability leverages a lack of capability or nonce checks for the uninstallTemplate function normally used to reset a website after a template has been uninstalled.

Logged-in users on vulnerable websites running the Jupiter theme can send an AJAX request with the action parameter set to abb_uninstall_template, which calls the uninstallTemplate function — this then calls the resetWordpressDatabase function, reinstalls the website, and elevates the user to an administrator role.

Websites running vulnerable versions of the JupiterX core plugin will find the same functionality whenever a logged-in user sends an AJAX request with the action parameter set to jupiterx_core_cp_uninstall_template.

Vulnerability: Local File Inclusion & Authenticated Path Traversal

Affected Software: Jupiter Theme & JupiterX Theme

Patched Versions: Jupiter Theme 6.10.2 & JupiterX Theme 2.0.7

Security Risk: High

Exploitation Level: Easy

CVE: CVE-2022-1657

When exploited, this serious vulnerability allows an attacker to obtain privileged information or perform restricted actions from any location on a website.

Logged-in users on websites with vulnerable versions of the JupiterX theme can exploit the jupiterx_cp_load_pane_action AJAX action, which calls the load_control_panel_pane function and allows the user to include any local PHP files via the slug parameter.

Websites running vulnerable versions of the Jupiter theme will find the same functionality when users exploit the mka_cp_load_pane_action AJAX action, which calls the mka_cp_load_pane_action and also allows the inclusion of local PHP files.

Vulnerability: Insufficient Access Control

Affected Software: Jupiter Theme

Patched Versions: Jupiter Theme 6.10.2

Security Risk: Medium

Exploitation Level: Easy

CVE: CVE-2022-1658

This vulnerability allows any authenticated user to arbitrarily delete a plugin from a vulnerable site by exploiting the abb_remove_plugin AJAX action.

Vulnerability: Information Disclosure, Modification & Denial of Service

Affected Software: JupiterX Core Plugin

Patched Versions: JupiterX Core Plugin 2.0.7

Security Risk: Medium

Exploitation Level: Easy

CVE: CVE-2022-1659

This vulnerability allows an attacker to view logged-in users and website configuration files, modify post conditions, or perform a denial of service attack by exploiting the vulnerable jupiterx_conditional_manager AJAX action to call functions found in the includes/condition/class-condition-manager.php file.


CP Image Store with Slideshow: SQLi

Vulnerability: SQLi

Affected Software: CP Image Store with Slideshow Plugin

Patched Versions: CP Image Store with Slideshow 1.0.68

Security Risk: Medium

Exploitation Level: Easy

CVE: CVE-2022-1692

This vulnerability leverages the improperly sanitized and escaped ordering_by query parameter prior to use in SQL statements on pages where the plugin is embedded. Unauthenticated attackers are able to leverage this vulnerability to inject malicious SQL.


The School Management: Unauthenticated Remote Code Execution

Vulnerability: RCE

Affected Software: The School Management Pro Plugin

Patched Versions: The School Management 9.9.7

Security Risk: Critical

Exploitation Level: Easy

CVE: CVE-2022-1609

This vulnerability leverages a backdoor found within the plugins license-checking code which allows unauthenticated attackers to execute arbitrary PHP code on any websites where the plugin is installed. The free version of the plugin does not contain the licensing code and is not affected.


KiviCare – Unauthenticated SQLi

Vulnerability: SQLi

Affected Software: KiviCare Plugin

Patched Versions: KiviCare 2.3.9

Security Risk: Medium

Exploitation Level: Easy

CVE: CVE-2022-0786

This vulnerability leverages improperly sanitized and escaped parameters prior to use in SQL statements. Unauthenticated attackers are able to leverage this vulnerability to inject malicious SQL.


Users who are not able to update their software to the latest version are encouraged to employ a web application firewall to virtually patch these vulnerabilities and protect their website.

WordPress 6.0 Core Updates

A new core update for WordPress has been released which features nearly 1,000 enhancements and bug fixes. We strongly encourage you to keep your CMS patched with the latest core updates to mitigate risk.

Antony Garand is Sucuri's Threat Researcher who joined the company in 2019. Antony's main responsibilities include researching vulnerabilities and dissecting malware. His professional experience covers many years of security research and development. When Antony isn't breaking stuff, you might find him at the dog park or learning new skills. Connect with him on Twitter

Reader Interactions


文章来源: https://blog.sucuri.net/2022/05/vulnerability-patch-round-up-may-2022.html
如有侵权请联系:admin#unsafe.sh