Description
The WordPress plugin Custom Content Type Manager contains a backdoor. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer. Versions 0.9.8.7 and 0.9.8.8 of the plugin are the only ones affected.
Remediation
Update the plugin to version 0.9.8.9 or later.
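To check whether an installation carries one of the affected releases, the following added example (not part of the original advisory or of the plugin's code) reads the plugin's Version header and classifies it against the versions named above. It assumes the default wp-content/plugins layout; the function names, the `main.php` file name and the sample plugin headers are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "custom-content-type-manager"  # slug from the wordpress.org URL in References
BACKDOORED = {"0.9.8.7", "0.9.8.8"}          # affected versions per this advisory
FIRST_FIXED = (0, 9, 8, 9)                   # remediation version per this advisory

# WordPress reads plugin headers from the first 8 KB of a PHP file in the plugin root.
VERSION_RE = re.compile(rb"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def installed_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None if absent."""
    root = Path(plugin_dir)
    for php in (sorted(root.glob("*.php")) if root.is_dir() else []):
        head = php.read_bytes()[:8192]
        match = VERSION_RE.search(head)
        if b"Plugin Name:" in head and match:
            return match.group(1).decode("ascii", "replace")
    return None

def classify(version):
    """Map a version string to a status for this advisory."""
    if version is None:
        return "not-installed"
    if version in BACKDOORED:
        return "backdoored"
    parts = tuple(int(n) for n in re.findall(r"\d+", version))
    return "fixed" if parts >= FIRST_FIXED else "older-release"

def audit(wp_root):
    """Assumes the default wp-content/plugins layout under wp_root."""
    version = installed_version(Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG)
    return version, classify(version)

def demo():
    """Run the audit over constructed sample sites (not real plugin files)."""
    results = {}
    for version in ("0.9.8.6", "0.9.8.8", "0.9.8.9"):
        with tempfile.TemporaryDirectory() as root:
            plugin = Path(root) / "wp-content" / "plugins" / PLUGIN_SLUG
            plugin.mkdir(parents=True)
            (plugin / "main.php").write_text(
                f"<?php\n/*\nPlugin Name: Sample\nVersion: {version}\n*/\n")
            results[version] = audit(root)
    return results

if __name__ == "__main__":
    for wanted, (found, status) in demo().items():
        print(f"{PLUGIN_SLUG} {found}: {status}")
```

On a real host, call `audit()` with the WordPress root directory; a `backdoored` result means the site is running one of the two releases this advisory names.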
References
https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html
https://wordpress.org/support/topic/version-0989-is-safe
https://wordpress.org/support/topic/vulnerability-on-auto-updatephp
https://wordpress.org/plugins/custom-content-type-manager/changelog/