Blog
11.18.2020

CVE-2020-28037 WordPress RCE

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).

Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

The CVSS Base Score is 9.8 (Critical)

1.3        Affected Version

WordPress before 5.5.2

1.4        Vulnerability Attribution

This issue was reported publicly by Omar Ganiev.

1.5        Risk Impact

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.

WordPress is used by more than 60 million websites,[5] including 33.6% of the top 10 million websites as of April 2019. WordPress is one of the most popular content management system solutions in use. WordPress has also been used for other application domains such as pervasive display systems (PDS).

The process for exploiting this DOS + RCE attack is explained in detail. That being said, it requires someone with lot of skill to perform this attack.

1.6        Virsec Security Platform (VSP) Support:

Virsec security platform (VSP)-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.

Jump to: List of CVE Vulnerabilities

 

About the Author
Satya Gupta is Virsec’s visionary founder, with over 25 years of expertise in embedded systems, network security and systems architecture. Satya has helped build and guide the company through key growth phases from initial funding (2015), developing core technology with key partners including Raytheon and Lockheed (2016-2018), to launching an enterprise class, GA product (2019). Prior to this, Satya built a highly profitable software design and consulting business targeting data networking, application security and industrial automation projects. He was also Director of Firmware Engineering at Narad Networks and Managing Director and Chief Engineer at Eastern Telecom and Tech Ltd. Satya has more than 40 patents in complex firmware architecture with products deployed to hundreds of thousands of users. He holds a BS degree in Engineering from the Indian Institute of Technology in Kanpur and additional degrees from the University of Massachusetts at Lowell.