A cybersecurity advisory was issued today, Jan. 16, 2020, regarding a vulnerability in the Revmakx InfiniteWP Client Plugin for WordPress. The vulnerability could allow an unauthenticated attacker to bypass authentication and obtain administrator access to an affected WordPress site, which could lead to a breach.
What It Is:
A vulnerability has been discovered in the Revmakx InfiniteWP Client Plugin that could allow for authentication bypass. WordPress is a web-based publishing application implemented in PHP, and the Revmakx InfiniteWP Client Plugin allows website administrators to manage an unlimited number of WordPress sites from a centralized management server.
Successful exploitation of this vulnerability could allow for authentication bypass with admin privileges.
Read the original Bleeping Computer security article.
On Jan. 14, WebARX published a proof-of-concept for this flaw in the WordPress InfiniteWP Client Plugin.
Systems Affected:
• Revmakx InfiniteWP Client Plugin prior to 1.9.4.5
Risk:
• Large and medium government entities: High
• Small government entities: Medium
• Large and medium business entities: High
• Small business entities: Medium
• Home users: Low
What It Means:
If you or your organization use the Revmakx InfiniteWP Client Plugin, you will need to apply the updates provided by Revmakx manually to affected systems following proper testing.
A vulnerability has been discovered in the Revmakx InfiniteWP Client Plugin that could allow for authentication bypass. The vulnerability exists because the plugin fails to properly authenticate requests that reach the iwp_mmb_set_request function in the init.php file. An unauthenticated attacker can exploit this issue by building a JSON payload that names an administrator account, Base64-encoding it, and sending it in a POST request to the affected site; because the plugin does not verify that the request came from a legitimate management server, the attacker is treated as that user and gains admin privileges.
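The class of flaw described above, as an added illustration written for this page (it is not InfiniteWP code and does not reproduce the plugin's actual request format or key handling): a handler that trusts a Base64-wrapped JSON body naming a user, beside one that verifies a request signature before acting on anything in the body, plus a heuristic that flags such bodies in POST traffic. The payload shape, the HMAC-SHA256 signature scheme and SITE_SECRET are assumptions for the demo.

```python
"""
Added illustration (not InfiniteWP code): why trusting an identity carried
in a Base64-wrapped JSON request body is an authentication bypass, and how
a request-signature check closes it.
"""
import base64
import binascii
import hashlib
import hmac
import json

# Constructed sample bodies for the demo (not captured traffic).
# Shape described in the advisory: JSON carrying the admin username,
# Base64-encoded, sent as a raw POST body. The key name is an assumption.
BYPASS_BODY = base64.b64encode(json.dumps({"username": "admin"}).encode()).decode()
# An ordinary form post, for contrast.
BENIGN_BODY = "comment=hello&post_id=42"

# Hypothetical per-site shared secret the management server would hold.
SITE_SECRET = b"example-site-secret-do-not-use"


def decode_body(body: str):
    """Base64-decode then JSON-parse a body; None if it is not that shape."""
    try:
        raw = base64.b64decode(body, validate=True)
        data = json.loads(raw)
    except (binascii.Error, ValueError):
        # json.loads raises ValueError subclasses for bad JSON or bad UTF-8.
        return None
    return data if isinstance(data, dict) else None


def vulnerable_handle(body: str):
    """Vulnerable pattern: act on the username the client asserts.

    Any unauthenticated sender who knows or guesses an admin username gets
    that user's session. Returns the user that would be logged in.
    """
    data = decode_body(body)
    if data and "username" in data:
        return data["username"]  # no proof the sender is the management server
    return None


def sign(body: str, secret: bytes) -> str:
    """HMAC-SHA256 over the exact raw body (stand-in for a real request signature)."""
    return hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()


def hardened_handle(body: str, signature: str, secret: bytes):
    """Hardened pattern: verify the request before trusting anything in it."""
    if not hmac.compare_digest(sign(body, secret), signature):
        return None  # unsigned or tampered: reject, whatever the body says
    data = decode_body(body)
    if data and "username" in data:
        return data["username"]
    return None


def looks_like_bypass_attempt(body: str) -> bool:
    """Detection heuristic for POST bodies: Base64-wrapped JSON naming a user."""
    data = decode_body(body)
    return bool(data) and "username" in data


if __name__ == "__main__":
    print("vulnerable handler logs in:", vulnerable_handle(BYPASS_BODY))
    print("hardened, unsigned:", hardened_handle(BYPASS_BODY, "", SITE_SECRET))
    print("hardened, signed:", hardened_handle(BYPASS_BODY, sign(BYPASS_BODY, SITE_SECRET), SITE_SECRET))
    print("flag bypass body:", looks_like_bypass_attempt(BYPASS_BODY))
    print("flag benign body:", looks_like_bypass_attempt(BENIGN_BODY))
```

The hardened handler rejects the constructed payload outright when it carries no valid signature, and the heuristic can be run over POST bodies recorded at a reverse proxy or in a WAF when checking for exploitation attempts before patching, as the advisory recommends. Note that the signature must cover the exact raw body that is later decoded, and the comparison must be constant-time, as hmac.compare_digest is here.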
What To Do:
We recommend the following actions be taken:
• Apply appropriate updates provided by Revmakx manually to affected systems immediately after appropriate testing.
• Apply the Principle of Least Privilege to all systems and services.
• Verify no unauthorized system modifications have occurred on the system before applying the patch.
• Monitor intrusion detection systems for any signs of anomalous activity.
• Unless required, limit external network access to affected products.
Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.
Should your agency or business need assistance with issues arising from vulnerabilities in the Revmakx InfiniteWP Client Plugin including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.
Thank you for your time and stay safe online.