Quick Fix for Unpatched WordPress File Delete Security Issue
- THIS SECURITY ISSUE WAS RESOLVED WITH THE LATEST WORDPRESS RELEASE
PHP security researchers from RIPSTECH recently disclosed details of a security flaw, unpatched at the time of disclosure, affecting WordPress websites up to and including version 4.9.6.
The vulnerability is in WordPress core, not in any plugin or theme. More precisely, it is in the function that removes an image's thumbnail when an attachment is deleted: the thumbnail file name stored in the attachment's metadata (the 'thumb' entry) is joined to the uploads directory and handed to PHP's unlink() without being sanitised. A value containing '../' sequences therefore escapes the uploads directory and can delete any file the web server user is allowed to remove, for example wp-config.php. Deleting files outside the uploads folder is otherwise impossible without FTP or server access.
The severity of this vulnerability is reduced by the fact that only users with the Author role or higher can attempt an exploit, since an attacker must be able to edit an attachment's metadata and delete the attachment. However, if an attacker manages to register even a low-level Subscriber account on a site and then elevates its privileges (which requires a separate weakness), they can exploit this vulnerability to take over the site: removing wp-config.php sends WordPress back into installation mode.
The researchers at RIPSTECH not only disclosed the issue but also created and published a temporary hotfix, reproduced below.
Security Flaw Solution
The RIPSTECH quick fix may be integrated into an existing WordPress installation by adding the following code to the functions.php file of the currently active theme or child theme. It hooks the filter that runs whenever attachment metadata is saved and reduces the 'thumb' entry to a bare file name, so a traversal sequence never reaches the database. Note that it only sanitises metadata as it is written; it does not clean up values stored before it was installed, and it should be removed once the site runs the patched WordPress release.
/*
** WordPress File Delete Temporary Hotfix
** Removes the ability of a user to traverse directories when thumbnails are removed
** Discovered and patched by RIPSTECH - Thank you!
*/
add_filter( 'wp_update_attachment_metadata', 'dir_traverse_unlink_tempfix' );

function dir_traverse_unlink_tempfix( $data )
{
    // basename() strips every directory component, so '../' sequences
    // cannot survive into the stored 'thumb' value that is later unlinked.
    if ( isset( $data['thumb'] ) )
    {
        $data['thumb'] = basename( $data['thumb'] );
    }

    return $data;
}
Should you need assistance implementing the above quick fix on your existing WordPress website simply reach out to us at (239) 961-8285
We hope this article has helped you secure your WordPress website. If it was helpful, please take a moment to like us on Facebook, share it on your social media or buy us a cup of coffee.