
Vulnerabilities Found in Popular Houzez Theme and Plugin – Imran Rasheed


Two security vulnerabilities have been discovered in the Houzez WordPress theme and its associated Login Register plugin, which are widely used in the real estate sector and currently account for 46,000 sales.

Discovered by PatchStack, these flaws, now patched, could allow unauthorized users to escalate their privileges, potentially compromising entire WordPress sites.

The primary issue was an unauthenticated privilege escalation vulnerability within the Houzez theme. This flaw enabled unauthenticated users to gain elevated privileges by executing specific HTTP requests.

The vulnerability stemmed from inadequate authorization checks in the code that processes user input. Specifically, the function responsible for password resets did not verify if the user requesting the reset was the account owner, allowing anyone to change passwords indiscriminately. This vulnerability has been assigned CVE-2024-22303.

“The page included a nonce check, but any user with a Subscriber role can fetch the nonce, and if the plugin enables registration, anyone could register to get the nonce token,” PatchStack explained.



Additionally, the Houzez Login Register plugin exhibited similar weaknesses. It allowed unauthenticated users to modify email addresses associated with any user account, which could lead to account takeovers. This vulnerability has been designated CVE-2024-21743. The plugin’s function for updating user information lacks proper checks, enabling attackers to exploit it easily.

To address these vulnerabilities, the vendor has released updates for both the Houzez theme and the Login Register plugin, urging users to upgrade to version 3.3.0 or higher. The updates include enhanced role checks and the removal of the vulnerable function from the plugin.

“Supplying user input to functions like wp_update_user(), update_user_meta() or similar functions should only be allowed under strict whitelisting options,” PatchStack warned. “Otherwise, the values should be checked and set by the vendor according to the right privilege levels.”
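The two flaws described above, and PatchStack's advice about wp_update_user(), come down to the same pattern: a handler that takes a user ID and profile fields from the request and forwards them to a core function without checking who the caller is or which fields they may change. The following is an added illustration written for this article, not Houzez code or PatchStack's code; it shows a generic WordPress AJAX profile handler in a weak form beside a hardened form. The handler and nonce names (my_update_profile, my_profile_nonce) are assumptions for the example.

```php
<?php
// Added example (not from the Houzez theme or plugin): a WordPress AJAX
// handler that updates a user's email address, weak and hardened versions.
// Handler and nonce names are assumed for the illustration.

// WEAK: the target user ID and the fields to change come straight from the
// request. A nonce is a CSRF token, not an authorization check: any account
// that can load the page (e.g. a Subscriber) can read the nonce and reuse it,
// so this handler lets a low-privilege user change another account's email
// or password. This is the class of defect the article describes.
function my_update_profile_weak() {
    check_ajax_referer( 'my_profile_nonce', 'security' );

    $userdata = array(
        'ID'         => intval( $_POST['user_id'] ),          // attacker-chosen
        'user_email' => sanitize_email( $_POST['user_email'] ),
        'user_pass'  => $_POST['user_pass'],
    );
    wp_update_user( $userdata ); // updates whichever account user_id names
    wp_send_json_success();
}

// HARDENED: only logged-in callers are served, the caller may only modify
// its own account, and only an explicit allow-list of fields is forwarded.
function my_update_profile_hardened() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'authentication required', 401 );
    }
    check_ajax_referer( 'my_profile_nonce', 'security' );

    // The account being edited is derived from the session, never from the
    // request. Editing other users would need an explicit capability check
    // such as current_user_can( 'edit_users' ), which is deliberately absent
    // from a self-service profile endpoint.
    $user_id = get_current_user_id();

    // Strict allow-list of fields a user may set on their own profile.
    // Passwords are excluded: a password change belongs in a separate flow
    // that re-verifies the current password (wp_check_password) or goes
    // through WordPress's own reset-key mechanism.
    $allowed  = array( 'user_email', 'display_name' );
    $userdata = array( 'ID' => $user_id );
    foreach ( $allowed as $field ) {
        if ( isset( $_POST[ $field ] ) ) {
            $userdata[ $field ] = sanitize_text_field( wp_unslash( $_POST[ $field ] ) );
        }
    }
    if ( isset( $userdata['user_email'] ) && ! is_email( $userdata['user_email'] ) ) {
        wp_send_json_error( 'invalid email address', 400 );
    }

    $result = wp_update_user( $userdata );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success();
}

// Register only the authenticated hook. There is intentionally no
// wp_ajax_nopriv_ registration, so unauthenticated requests are never
// routed to this handler at all.
add_action( 'wp_ajax_my_update_profile', 'my_update_profile_hardened' );
```

The hardened version addresses each point from the article separately: the missing ownership check is fixed by taking the user ID from the session rather than the request; the "anyone can obtain the nonce" problem stops mattering because the nonce is no longer the only gate; and PatchStack's whitelisting advice is applied by building the wp_update_user() argument from a fixed list of fields rather than from whatever keys the client sends. When auditing a theme or plugin, a quick check is to search for wp_update_user(), update_user_meta() and wp_set_password() and confirm that the ID argument and the field list are not both under the caller's control.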

Source: Infosecurity Magazine
