September 26, 2023
Severity
High
Analysis Summary
CVE-2023-4402 CVSS: 8.1
Essential Blocks plugin for WordPress and Essential Blocks Pro plugin for WordPress could allow a remote attacker to execute arbitrary code on the system, caused by the unsafe deserialization of data. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-4386 CVSS: 8.1
Essential Blocks plugin for WordPress and Essential Blocks Pro plugin for WordPress could allow a remote attacker to execute arbitrary code on the system, caused by the unsafe deserialization of data. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-4774 CVSS: 6.4
WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the shortcode. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Code Execution
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-4402
- CVE-2023-4386
- CVE-2023-4774
Affected Vendors
WordPress
Affected Products
- WPDeveloper Essential Blocks plugin for WordPress 4.2.0
- WPDeveloper Essential Blocks Pro plugin for WordPress 1.1.0
- WordPress WP-Matomo Integration (WP-Piwik) plugin for WordPress 1.0.28
- WordPress WP-Matomo Integration (WP-Piwik) plugin for WordPress 1.0.27
Remediation
Upgrade to the latest version of the Essential Blocks plugin for WordPress, available from the WordPress Plugin Directory.
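The following is an added example, not part of the advisory or of any plugin's code: a small Python check that reads the `Version:` header of each installed plugin and compares it with the versions listed under Affected Products. The plugin directory slugs are assumptions (the advisory does not give them), and the sample tree built in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

# Versions from the advisory; directory slugs are assumptions, not from the page.
AFFECTED = {
    "essential-blocks": ["4.2.0"],
    "essential-blocks-pro": ["1.1.0"],
    "wp-piwik": ["1.0.28", "1.0.27"],
}
HEADER = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def version_key(v):
    """Turn '1.0.28' into (1, 0, 28) for ordering; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def installed_version(plugin_dir):
    """Read 'Version:' from the plugin's main file header; None if absent."""
    files = sorted(plugin_dir.glob("*.php")) if plugin_dir.is_dir() else []
    for php in files:
        head = php.read_text(errors="replace")[:8192]  # WordPress reads only 8 KB
        m = HEADER.search(head)
        if "Plugin Name:" in head and m:
            return m.group(1)
    return None

def scan(plugins_root):
    """Return (slug, version, status) for each advisory plugin that is installed."""
    findings = []
    for slug, listed in AFFECTED.items():
        version = installed_version(Path(plugins_root) / slug)
        if version is None:
            continue
        if version in listed:
            status = "listed"
        else:  # not covered by the page; an older build still deserves a look
            older = version_key(version) < max(map(version_key, listed))
            status = "older-than-listed" if older else "newer-than-listed"
        findings.append((slug, version, status))
    return findings

def demo():
    """Scan a constructed plugins tree (sample versions are made up)."""
    with tempfile.TemporaryDirectory() as root:
        for slug, ver in [("essential-blocks", "4.2.0"), ("wp-piwik", "1.0.29")]:
            main = Path(root, slug, slug + ".php")
            main.parent.mkdir()
            main.write_text(f"<?php\n/*\n * Plugin Name: Sample\n * Version: {ver}\n */\n")
        return scan(root)
```

Point `scan()` at a site's `wp-content/plugins` directory; a status of `listed` means the installed version is one the advisory names, and `older-than-listed` marks a version the advisory does not cover but that should be reviewed before being considered safe.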