Get Started for Free
Advertisement
  1. SEJ
  2.  » 
  3. News

WordPress Redux Plugin Vulnerability Affects +1 Million Sites

Redux Gutenberg Blocks Library & Framework, with over 1 million active users, patched a CSRF vulnerability

WordPress Redux Plugin Vulnerability Affects +1 Million Sites
Advertisement

Redux, a popular WordPress plugin with more than 1 million active installations recently patched a vulnerability. The vulnerability allowed an attacker to bypass security measures in a Cross-Site Request Forgery (CSRF) attack.

Cross-Site Request Forgery

A Cross-Site Request Forgery (CSRF) attack is a method where an attacker exploits a vulnerability in the code that allows them to perform actions on a website. This kind of attack exploits the credentials of an authenticated user.

The U.S. Department of Commerce defines CSRF like this:

“A type of Web exploit where an unauthorized party causes commands to be transmitted by a trusted user of a Web site without that user’s knowledge.”

Advertisement
Continue Reading Below

This particular attack bypassed security checks by exploiting a coding bug that caused a site to improperly validate security tokens called nonces. Nonces are supposed to protect forms and URLs from attacks.

The WordPress developer page describes nonces:

“WordPress nonces are one-time use security tokens generated by WordPress to help protect URLs and forms from misuse.

If your theme allows users to submit data; be it in the Admin or the front-end; nonces can be used to verify a user intends to perform an action, and is instrumental in protecting against Cross-Site Request Forgery(CSRF).

The one-time use hash generated by a nonce, prevents this type of forged attacks from being successful by validating the upload request is done by the current logged in user. Nonces are unique only to the current user’s session, so if an attempt is made to log in or out any nonces on the page become invalid.”

Advertisement
Continue Reading Below

The flaw was in how the nonces were validated. This vulnerability was originally fixed in October 2020 but was reintroduced in a later update.

According to the WPScan security plugin site:

“The plugin did not properly validate some nonces, only checking them if their value was set. As a result, CSRF attacks could still be performed by not submitting the nonce in the request, bypassing the protection they are supposed to provide.”

WPScan and the WordPress Redux plugin both reported that the CSRF vulnerability has been fixed.

WPScan described the current issue:

“The plugin re-introduced a CSRF bypass issue in v4.1.22, as the nonce is only checked if present in the request.”

The Redux Plugin changelog states:

“Fixed: CSRF security issue with a flipped if conditional.”

Screenshot of Redux WordPress Plugin Changelog

Update Redux Gutenberg Blocks Library & Framework

Redux is a plugin that allows publishers to browse and choose from thousands of Gutenberg blocks and templates. Blocks are sections of a web page and templates are entire web page designs.

Advertisement
Continue Reading Below

With over a million active users, Redux plugin is one of the most used WordPress plugins.

It is highly recommended that publishers using the Redux WordPress plugin immediately update to the latest version, 4.1.24.

ADVERTISEMENT

Subscribe to SEJ

Get our daily newsletter from SEJ's Founder Loren Baker about the latest news in the industry!

Topic(s) of Interest*
By clicking the "SUBSCRIBE" button, I agree and accept the content agreement and privacy policy of Search Engine Journal.
Ebook

Roger Montti

Owner at Martinibuster.com

Roger Montti is a search marketer with over 20 years experience. I offer site audits, phone consultations and content and ... [Read full bio]

ADVERTISEMENT
Advertisement
Read the Next Article
Read the Next