Ad Inserter, a widely-used ad management plugin for WordPress, has been found to have a critical vulnerability. This flaw permits an authenticated user, even with subscriber-level privileges, to execute code on the affected website. Users of the plugin are strongly advised to update immediately.
Description of Ad Inserter Vulnerability
There are actually two vulnerabilities.
Authenticated Path Traversal Exploit
The first vulnerability is known as an Authenticated Path Traversal Exploit. This issue exists in Ad Inserter version 2.4.19 and earlier. Such exploits allow an attacker to reach restricted areas of a site by manipulating a URL or file path parameter with sequences like ../, which can lead to reading private information or, in some cases, executing code. According to the Common Weakness Enumeration, maintained by the U.S. Department of Homeland Security, this is how a path traversal exploit works:
"The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."
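To make the CWE definition concrete, here is an added example (not Ad Inserter's code or anything from the Wordfence report) of a PHP path built from user input, first without neutralizing ../ and then with a containment check; the directory and file names are constructed for the demonstration.

```php
<?php
// Added example, not the plugin's code. The directory layout and inputs
// below are constructed solely for this demonstration.

// Vulnerable: the untrusted name is concatenated straight into the path,
// so a value containing "../" resolves to a file outside $baseDir.
function build_path_unsafe(string $baseDir, string $userInput): string {
    return $baseDir . '/' . $userInput;
}

// Hardened: resolve the candidate and require it to stay under $baseDir.
// Returns null when the path escapes the directory (or does not exist).
function build_path_safe(string $baseDir, string $userInput): ?string {
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . '/' . $userInput);
    if ($candidate === false) {
        return null; // realpath() is false for non-existent files
    }
    // Compare with a trailing separator so "/srv/ads2" is not accepted
    // as being inside "/srv/ads".
    if (strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed layout: one allowed directory and one file outside it.
$root = sys_get_temp_dir() . '/traversal_demo_' . getmypid();
mkdir("$root/blocks", 0700, true);
file_put_contents("$root/blocks/banner.html", '<div>ad</div>');
file_put_contents("$root/secret.txt", 'outside the allowed directory');

foreach (['banner.html', '../secret.txt'] as $input) {
    printf("%-16s unsafe => %s\n", $input, build_path_unsafe("$root/blocks", $input));
    $safe = build_path_safe("$root/blocks", $input);
    printf("%-16s safe   => %s\n", $input, $safe ?? 'REJECTED');
}

// Remove the constructed files again.
unlink("$root/blocks/banner.html");
unlink("$root/secret.txt");
rmdir("$root/blocks");
rmdir($root);
```

Run with the php CLI; the unsafe builder happily returns the path to secret.txt, while the hardened version rejects it and only accepts banner.html inside the blocks directory.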
Authenticated Remote Code Execution
The second vulnerability, labeled as critical, was discovered on Friday, July 12th by the WordFence team and promptly fixed by Ad Inserter the next day, on Saturday, July 13, 2019. This is called an Authenticated Remote Code Execution (RCE). This vulnerability allows any registered user with permissions as low as a subscriber to execute arbitrary code on a WordPress installation. The RCE exploit affects Ad Inserter version 2.4.21 and earlier.
According to WordFence:
"On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites. The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP code on websites using the plugin. We privately disclosed the issue to the plugin’s developer, who released a patch the very next day. This is considered a critical security issue…"
Ad Inserter Plugin Reacted Swiftly and Ethically
Almost any plugin or piece of software can contain vulnerabilities. What is crucial is how the developer responds to these issues and how transparent they are about them. The Ad Inserter team deserves praise for their rapid response and transparency regarding the updates. Ad Inserter informed users of the vulnerability through a changelog visible on the update page, signaling the urgency of the update.
The Ad Inserter team acted both swiftly and ethically, which is the best that can be expected from any WordPress developer.
Update Ad Inserter
All users of the Ad Inserter WordPress plugin are urged to log in to their WordPress installation and update their Ad Inserter plugin.
Read the WordFence announcement for more details.