CVE-2020-36724
📋 TL;DR
The Wordable WordPress plugin up to version 3.1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrator privileges. This occurs due to improper validation of user-supplied hashing algorithms and loose comparison of hash values. All WordPress sites using vulnerable versions of the Wordable plugin are affected.
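The two weaknesses named above, an unvalidated client-chosen hash algorithm and a loose comparison of hash strings, are a generic PHP pattern. The following is an added illustration of what a hardened token check looks like; it is not the plugin's own code, and the function name, parameters and sample secret are hypothetical.

```php
<?php
// Added example (not the Wordable plugin's code): a request-token check that
// closes both weaknesses the advisory describes.
//
// Weak pattern to avoid (shown only as a comment):
//   hash($_REQUEST['algo'], $payload . $secret) == $_REQUEST['token']
// Problems: the client picks the algorithm, and '==' applies PHP's loose
// string-to-number comparison rules to the hash strings.

// 1. Fixed allowlist: the server, not the request, decides which algorithms are acceptable.
const ALLOWED_TOKEN_ALGOS = ['sha256', 'sha512'];

/**
 * Return true only if $presented is the HMAC of $payload under an allowed $algo.
 * $algo is still accepted as input so the check can reject unexpected values explicitly.
 */
function verify_request_token(string $algo, string $payload, string $presented, string $secret): bool
{
    // Strict (===) membership test; no type juggling on the algorithm name.
    if (!in_array($algo, ALLOWED_TOKEN_ALGOS, true)) {
        return false;
    }

    $expected = hash_hmac($algo, $payload, $secret);

    // 2. hash_equals() is a constant-time, type-safe string comparison.
    //    Both arguments must be strings; never fall back to '=='.
    return hash_equals($expected, $presented);
}

// Hypothetical usage with a constructed secret and payload.
$secret  = 'constructed-demo-secret-do-not-reuse';
$payload = 'post_id=42&action=publish';

$good = hash_hmac('sha256', $payload, $secret);
var_dump(verify_request_token('sha256', $payload, $good, $secret));   // bool(true)
var_dump(verify_request_token('md5',    $payload, $good, $secret));   // bool(false): algorithm not allowed
var_dump(verify_request_token('sha256', $payload, '0',   $secret));   // bool(false): no loose comparison
```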
💻 Affected Systems
- Wordable WordPress Plugin
📦 What is this software?
Wordable, a WordPress plugin by Wordable
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover with attacker gaining administrator access, allowing installation of backdoors, data theft, defacement, or ransomware deployment.
Likely Case
Attackers gain administrator privileges to modify content, install malicious plugins/themes, or steal sensitive data from the WordPress site.
If Mitigated
Limited impact with proper network segmentation, strong authentication controls, and regular security monitoring in place.
🎯 Exploit Status
Exploitation requires sending specially crafted requests to vulnerable endpoints. Multiple security vendors have confirmed active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.2 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2234193/wordable/trunk/wordable.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Wordable plugin.
4. Click 'Update Now' if available.
5. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable Wordable Plugin
Temporarily disable the vulnerable plugin until patched:
wp plugin deactivate wordable
Restrict Plugin Access
Use a web application firewall to block access to Wordable endpoints.
🧯 If You Can't Patch
- Immediately deactivate and remove the Wordable plugin from all WordPress installations
- Implement strict network access controls and web application firewall rules to block suspicious authentication attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for Wordable version 3.1.1 or earlier
Check Version:
wp plugin list --name=wordable --field=version
Verify Fix Applied:
Verify Wordable plugin version is 3.1.2 or later, or confirm plugin is completely removed
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts to Wordable endpoints
- Multiple failed login attempts followed by successful admin login from new IP
- Administrator account creation/modification from unexpected sources
Network Indicators:
- HTTP POST requests to /wp-content/plugins/wordable/ endpoints with unusual parameters
- Traffic patterns showing unauthenticated users accessing admin functions
SIEM Query:
source="wordpress" AND (uri_path="/wp-content/plugins/wordable/" OR plugin="wordable") AND (status=200 OR user_agent CONTAINS "curl" OR user_agent CONTAINS "wget")
🔗 References
- https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/
- https://plugins.trac.wordpress.org/changeset/2234193/wordable/trunk/wordable.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/be1ab218-37bd-407a-8cb9-66f761849c21?source=cve