Firewall Firm is a Managed Cyber Security Company in India

Tag Archives: firewall comparison 2018

Zero-day vulnerability in ‘Total Donations’ plugin could allow attackers to take over WordPress sites

  • The zero-day affects all versions of Total Donations plugin, a commercial plugin that is used to gather and manage donations.
  • The plugin’s code contains several design flaws that inherently expose the plugin and the WordPress site as a whole to external manipulation.

WordPress site owners are being alerted to an unpatched vulnerability in the ‘Total Donations’ plugin. The vulnerability, identified as CVE-2019-6703, could allow attackers to take over affected sites.

Security expert Mikey Veenstra from Defiant observed that attackers have been using this zero-day vulnerability to infect several WordPress sites over the past week.

About CVE-2019-6703

The zero-day affects all versions of the Total Donations plugin, a commercial plugin used to gather and manage donations from a site’s user base.

Veenstra explained that the plugin’s code contains several design flaws that expose both the plugin and the WordPress site as a whole to external manipulation.

“Searching the site’s codebase for the strings migla_getme and miglaA_update_me revealed the installed Total Donations plugin, and we quickly identified the exploited vulnerabilities as well as the attacker’s workflow,” said Veenstra in a blog post.

Where does the flaw exist?

The plugin registers AJAX actions that can be invoked by any unauthenticated visitor.

“Total Donations registers a total of 88 unique AJAX actions into WordPress, each of which can be accessed by unauthenticated users by querying the typical /wp-admin/admin-ajax.php endpoint. We have determined that 49 of these 88 actions can be exploited by a malicious actor to access sensitive data, make unauthorized changes to a site’s content and configuration, or take over a vulnerable site entirely,” Veenstra added.

Through these AJAX actions an attacker can change core settings of an affected WordPress site, modify the destination account for donations received through the plugin, and retrieve the site’s Mailchimp mailing lists.
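To show the flaw class described above, the following added example (not Total Donations’ code) registers a WordPress AJAX action on the unauthenticated `wp_ajax_nopriv_` hook with no authorization check, beside a hardened version of the same handler; the action, nonce and option names are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. Action/option names are hypothetical.

// --- Weak pattern: the action is exposed to logged-out visitors ---
// The "nopriv" hook makes /wp-admin/admin-ajax.php?action=demo_update_setting
// reachable by anyone, and the handler never checks who is calling.
add_action( 'wp_ajax_demo_update_setting',        'demo_update_setting_weak' );
add_action( 'wp_ajax_nopriv_demo_update_setting', 'demo_update_setting_weak' );

function demo_update_setting_weak() {
    // Writes whichever option the request names: unauthenticated setting changes.
    update_option( sanitize_key( $_POST['name'] ), wp_unslash( $_POST['value'] ) );
    wp_send_json_success();
}

// --- Hardened pattern ---
// 1. Register only the authenticated hook; privileged work gets no nopriv hook.
add_action( 'wp_ajax_demo_update_setting', 'demo_update_setting_hardened' );

function demo_update_setting_hardened() {
    // 2. CSRF protection: the admin page that sends the request includes a nonce
    //    from wp_create_nonce( 'demo_settings' ); a mismatch ends with HTTP 403.
    check_ajax_referer( 'demo_settings', 'nonce' );

    // 3. Authorization: only users allowed to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 4. Allow-list the settings this endpoint may touch instead of trusting
    //    an option name supplied by the client.
    $allowed = array( 'demo_currency', 'demo_thank_you_text' );
    $name    = isset( $_POST['name'] ) ? sanitize_key( $_POST['name'] ) : '';
    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( 'unknown setting', 400 );
    }

    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( $name, $value );
    wp_send_json_success();
}
```

Read-only actions that return sensitive data, such as a mailing-list export, need the same nonce and capability checks; the nopriv hook is appropriate only for actions that are genuinely public.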

Defiant noted that the plugin developer’s site appears to have been inactive since May 2018. As no security patch is available, site owners are advised to delete or deactivate the plugin as soon as possible to secure their sites.

Best Enterprise Firewall 2018

  • Fortinet FortiGate
  • Cisco ASA
  • Sophos UTM
  • pfSense
  • Meraki MX Firewalls
  • Sophos Cyberoam UTM
  • WatchGuard XTM
  • Juniper SRX
  • SonicWall TZ
  • SonicWall NSA
  • Barracuda NextGen Firewall
  • Sophos XG
  • FortiGate-VM
  • Cisco Firepower NGFW
  • Zscaler Web Security
  • Cisco Sourcefire Firewalls
  • Check Point UTM-1
  • Check Point VSX
  • Kerio Control
  • Untangle NG Firewall
  • Palo Alto Networks VM-Series
  • Cisco ASAv
  • Check Point Next Generation Firewall
  • Cisco IOS Security
  • Palo Alto Networks Next-Generation Firewall
  • Stormshield Network Security
  • OPNsense
  • Check Point VPN-1
  • McAfee StoneGate
  • Check Point Power-1
  • Trustwave Firewalls
  • McAfee Firewall Enterprise MFE
  • 3Com H3C Firewall
  • A10 Networks Thunder CFW
  • Hillstone E-Series
  • NetFortris Hosted Firewall
  • NetFortris Threat Analyzer
  • WatchGuard Firebox
  • Hillstone T-Series
  • Fortinet FortiOS
  • Hillstone X-Series Data Center Firewalls
  • Hillstone CloudEdge
  • Sonatype Nexus Firewall
  • Comodo Dome Firewall
  • Sangfor NGAF