{"id":22890,"date":"2022-09-08T17:45:54","date_gmt":"2022-09-08T15:45:54","guid":{"rendered":"https:\/\/wordlift.io\/blog\/en\/?p=22890"},"modified":"2022-09-09T15:42:12","modified_gmt":"2022-09-09T13:42:12","slug":"wordlift-cve-and-the-wordpress-plugin-directory-review","status":"publish","type":"post","link":"https:\/\/wordlift.io\/blog\/en\/wordlift-cve-and-the-wordpress-plugin-directory-review\/","title":{"rendered":"WordLift CVE and the WordPress Plugin Directory Review"},"content":{"rendered":"\n

TL;DR<\/p>\n\n\n\n

WordLift 3.37 was temporary removed from the WordPress<\/a> plugin directory, between the 22nd of August until the 7th of September 2022, in response to a security report. The critical level was considered low, however we immediately released a patch version and we followed up with a full code review<\/strong> to tighten the plugin together with the support and feedback of WordPress volunteers. On the 7th of September WordLift was reopened with version 3.38.0.<\/strong><\/p>\n\n\n\n

Introduction<\/strong><\/h2>\n\n\n\n

The WordLift Plugin for WordPress is our most developed and used client of the WordLift platform. <\/p>\n\n\n\n

The plugin development started more than 10 years ago<\/strong> as an experiment into bringing the power of the Semantic Web into WordPress and republish the data as Linked Data in order to boost the website SEO<\/strong>.<\/p>\n\n\n\n

Since then we pushed more than 250 releases to the WordPress Plugin Directory, adding new features, supporting new WordPress versions and features and we grew to hundreds of customers using it to get more visibility on the SERP<\/strong>.<\/p>\n\n\n\n

What happened<\/strong><\/h2>\n\n\n\n

On the 22nd of August we received a message from the WordPress Plugin Directory volunteers about a security report related to the WordLift Plugin 3.37, which would allow a WordPress administrator to insert html code in a WordLift configuration field.<\/p>\n\n\n\n

The original description of the issue:<\/p>\n\n\n\n

“The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.”<\/p>\n\n\n\n

Further details about the report are available <\/em>here<\/em><\/a> (CVE<\/a>) and <\/em>here<\/em><\/a> (WPScan).<\/em><\/p>\n\n\n\n

Because only an administrator could exploit it, the critical level of the security issue was considered low<\/strong> and we immediately pushed a patched version of the plugin to the WordPress Plugin Directory.<\/p>\n\n\n\n

However the report triggered a process where the WordLift plugin would go into a full review by the WordPress team<\/strong>. During this process the WordLift plugin would be temporary taken offline.<\/p>\n\n\n\n

The full review was deemed necessary because the initial report meant that WordLift is getting more traction, a larger customer base and may be considered a target.<\/p>\n\n\n\n

\n

@wordliftit<\/a> plugin for #wordpress<\/a> got a #cve<\/a> https:\/\/t.co\/vIIVhOP0cr<\/a> \ud83d\udc6e\u200d\u2642\ufe0fwhich means @_WPScan_<\/a> may raise a warning if you're using v3.37.1 1\/3<\/p>— David Riccitelli (@ziodave) September 5, 2022<\/a><\/blockquote>