Severity
High
Analysis Summary
Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site’s backend with no password.
The InfiniteWP Client Bug
The issue resides in the function iwp_mmb_set_request, located in the init.php file. This function checks whether the request_params variable of the IWP_MMB_Core class is non-empty; that variable is only populated when the incoming payload meets certain conditions, and the check is what the bypass hinges on.
WP Time Capsule Bug
The issue is located in wptc-cron-functions.php at line 12, where the plugin parses the request. The parse_request function calls decode_server_request_wptc, which checks whether the raw POST payload contains the string ‘IWP_JSON_PREFIX’.
Impact
Authentication bypass
Affected Vendors
WordPress
Affected Products
- InfiniteWP Client plugin below 1.9.4.5
- WP Time Capsule versions below 1.21.16
Remediation
Update the affected plugins: InfiniteWP Client to 1.9.4.5 or later and WP Time Capsule to 1.21.16 or later.
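The following script is an added example for auditing a WordPress install against the affected-product list above; it is not part of the Rewterz advisory or of either plugin's code. It assumes the standard WordPress layout in which each plugin's main file carries a header comment with a "Version:" line, and the main-file paths used for the two plugins are assumptions for the demo. The fixed versions (1.9.4.5 and 1.21.16) are taken from the advisory; the comparison is done numerically so that a release such as 1.9.4.10 is correctly treated as newer than 1.9.4.5, which a plain string comparison would get wrong.

```python
"""Audit installed WordPress plugin versions against the fixed releases.

Added example (not advisory or plugin code). Assumes a wp-content/plugins
layout and the real WordPress plugin header format ("Version: x.y.z").
"""
import re
import tempfile
from pathlib import Path

# Plugin slug -> (main file relative to wp-content/plugins, first fixed version).
# Fixed versions come from the advisory; the main-file paths are assumptions.
FIXED_VERSIONS = {
    "iwp-client": ("iwp-client/init.php", "1.9.4.5"),
    "wp-time-capsule": ("wp-time-capsule/wp-time-capsule.php", "1.21.16"),
}

# Matches "Version: 1.2.3" or " * Version: 1.2.3" inside the header comment.
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)


def parse_version(version: str) -> tuple:
    """Turn '1.9.4.5' into (1, 9, 4, 5); non-numeric fragments count as 0."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str) -> bool:
    """True when the installed version is strictly below the first fixed one."""
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))  # pad so (1, 9) compares against (1, 9, 4, 5)
    b += (0,) * (n - len(b))
    return a < b


def header_version(source: str):
    """Extract the Version: value from a plugin main file, or None if absent."""
    m = VERSION_RE.search(source)
    return m.group(1) if m else None


def audit_plugins(plugins_dir: Path) -> dict:
    """Return a status string per tracked plugin found under plugins_dir."""
    results = {}
    for slug, (main_file, fixed) in FIXED_VERSIONS.items():
        path = plugins_dir / main_file
        if not path.exists():
            results[slug] = "not installed"
            continue
        ver = header_version(path.read_text(encoding="utf-8", errors="replace"))
        if ver is None:
            results[slug] = "version header missing"
        elif is_vulnerable(ver, fixed):
            results[slug] = f"VULNERABLE ({ver} < {fixed})"
        else:
            results[slug] = f"ok ({ver})"
    return results


def run_demo() -> dict:
    """Build a constructed plugins directory with one outdated plugin and audit it."""
    root = Path(tempfile.mkdtemp())
    (root / "iwp-client").mkdir()
    # Constructed header: an InfiniteWP Client build one patch level below the fix.
    (root / "iwp-client" / "init.php").write_text(
        "<?php\n/*\nPlugin Name: InfiniteWP - Client\nVersion: 1.9.4.4\n*/\n"
    )
    return audit_plugins(root)


if __name__ == "__main__":
    for slug, status in run_demo().items():
        print(f"{slug}: {status}")
```

Point audit_plugins at a real wp-content/plugins directory to check a live site; anything reported as VULNERABLE should be updated before the site is considered covered by the remediation above.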