CVE-2023-6751
📋 TL;DR
The Hostinger WordPress plugin is missing a capability check on its publish_website function, so unauthenticated attackers can enable or disable maintenance mode on affected sites. All versions up to and including 1.9.7 are affected. No credentials are needed: an attacker can take a live site offline, or take a site that an administrator deliberately placed in maintenance mode back online, with a single HTTP request.
💻 Affected Systems
- Hostinger WordPress Plugin (plugin slug hostinger), versions 1.9.7 and earlier
📦 What is this software?
Hostinger is the WordPress plugin that Hostinger ships to its hosting customers for site management. Among its features is a maintenance-mode toggle; the function behind that toggle is the one exposed by this vulnerability.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could toggle maintenance mode at will: keep a site in maintenance mode for an extended outage, re-enable it every time an administrator turns it off, or pull a site out of maintenance mode while it is being worked on. Because the request is unauthenticated and trivial to script, the same request can be replayed against every site running the vulnerable plugin.
Likely Case
Temporary website unavailability through maintenance mode activation, causing service disruption and potential reputational damage.
If Mitigated
Minimal. With version 1.9.8 or later installed, or the plugin deactivated, the unauthenticated request no longer changes maintenance mode.
🎯 Exploit Status
A single unauthenticated HTTP request to the plugin's publish_website handler on admin-ajax.php is enough; no credentials or special tooling are needed, so anyone who can reach the site over HTTP can exploit it, and the request is easy to script against many hosts.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.9.8
Fix Changeset (plugins.trac.wordpress.org, hostinger/trunk r3010004 → r3010008): https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010008%40hostinger%2Ftrunk&old=3010004%40hostinger%2Ftrunk
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Hostinger plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.9.8 or later from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable Hostinger Plugin
Temporarily deactivate the vulnerable plugin until it can be updated to 1.9.8 or later (WP-CLI, run from the WordPress root or with --path=/path/to/wordpress):
wp plugin deactivate hostinger
Web Application Firewall Rule
Block requests to the vulnerable publish_website endpoint.
Block HTTP requests to */wp-admin/admin-ajax.php carrying action=publish_website. admin-ajax.php reads the action from $_REQUEST, so match the parameter in both the query string and the POST body, for GET as well as POST. A rule keyed only on the action name also blocks administrators from using the feature, which is acceptable for a temporary measure; if the WAF can see cookies, scope the block to requests without a wordpress_logged_in_* cookie instead.
🧯 If You Can't Patch
- Restrict access to WordPress admin areas by source IP where the site has a known administrator set, but do not block admin-ajax.php wholesale for anonymous visitors: many themes and plugins rely on its no-privilege hooks for front-end functionality. Restrict the specific action instead.
- Deploy a web application firewall rule that rejects the publish_website action on admin-ajax.php from requests that carry no wordpress_logged_in_* cookie, so that only logged-in sessions can reach the maintenance-mode handler.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Hostinger plugin version. If version is 1.9.7 or lower, system is vulnerable.
Check Version:
wp plugin get hostinger --field=version
Verify Fix Applied:
Confirm Hostinger plugin version is 1.9.8 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with action=publish_website from unauthenticated users
- Sudden maintenance mode activation without administrator action
Network Indicators:
- HTTP POST requests to admin-ajax.php with publish_website parameter from external IPs
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND (method="POST" OR method="GET") AND params.action="publish_website"
Caveat: in standard access logs the user field ("-") is the HTTP basic-auth user, which is always empty on WordPress and says nothing about whether the caller was logged in; WordPress login state is carried in the wordpress_logged_in_* cookie, which most access-log formats do not record. Access logs also do not record POST bodies, so an action sent only in the body is invisible to this query. To confirm unauthenticated use you need a WAF or reverse-proxy log that captures request bodies and cookies, or plugin-level logging.
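The detection logic above, run over sample access-log lines. This is an added example, not code from the page or from Hostinger: it assumes the Apache/nginx "combined" log format, takes the AJAX action name publish_website from this advisory, and the log lines embedded in it are constructed, not captured traffic. It flags requests where the vulnerable action is visible in the URL and separately counts POSTs to admin-ajax.php whose action is not visible (it is in the body, which the access log does not record), since those cannot be cleared from access logs alone.

```python
"""Flag access-log requests matching the CVE-2023-6751 exploitation pattern.

Added example. The sample log lines are constructed; the action name
publish_website is taken from the advisory and assumed to be exact.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log format:
# ip ident authuser [ts] "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<authuser>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

AJAX_PATH = "/wp-admin/admin-ajax.php"
SUSPECT_ACTION = "publish_website"  # AJAX action named in the advisory


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    url = urlsplit(entry["target"])
    entry["path"] = url.path
    # admin-ajax.php reads `action` from $_REQUEST, so a query-string action is
    # honoured on GET and POST alike. Only the query string reaches the access log.
    entry["action"] = parse_qs(url.query).get("action", [None])[0]
    return entry


def classify(entry):
    """Return 'hit' when the vulnerable action is visible in the URL, 'opaque' for a
    POST to admin-ajax.php with no action in the URL (action is in the unlogged body),
    otherwise None."""
    if entry is None or entry["path"] != AJAX_PATH:
        return None
    if entry["action"] == SUSPECT_ACTION:
        return "hit"
    if entry["method"] == "POST" and entry["action"] is None:
        return "opaque"
    return None


def scan(lines):
    """Scan log lines; return confirmed hits and a per-IP count of opaque admin-ajax POSTs."""
    hits, opaque_by_ip = [], Counter()
    for line in lines:
        entry = parse_line(line)
        verdict = classify(entry)
        if verdict == "hit":
            hits.append((entry["ip"], entry["method"], entry["ts"], entry["status"]))
        elif verdict == "opaque":
            opaque_by_ip[entry["ip"]] += 1
    return {"hits": hits, "opaque_posts_by_ip": dict(opaque_by_ip)}


# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2023:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=publish_website HTTP/1.1" 200 27 "-" "curl/8.4.0"',
    '203.0.113.7 - - [12/Dec/2023:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=publish_website HTTP/1.1" 200 27 "-" "curl/8.4.0"',
    '203.0.113.7 - - [12/Dec/2023:10:01:04 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 27 "-" "curl/8.4.0"',
    '198.51.100.4 - - [12/Dec/2023:10:02:10 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 44 "https://example.com/wp-admin/" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Dec/2023:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    report = scan(SAMPLE_LOG)
    for ip, method, ts, status in report["hits"]:
        print(f"HIT    {ip} {method} action={SUSPECT_ACTION} at {ts} (status {status})")
    for ip, n in report["opaque_posts_by_ip"].items():
        print(f"CHECK  {ip}: {n} POST(s) to admin-ajax.php with action not visible in URL")
```

Run it against a real access log with `scan(open("access.log"))`. A hit from an address that never carried a wordpress_logged_in_* cookie (if your proxy logs cookies) or that also appears in the opaque bucket around the time maintenance mode changed is the case to investigate; the opaque bucket on its own is noisy, because most legitimate admin-ajax calls also put the action in the POST body.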
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010008%40hostinger%2Ftrunk&old=3010004%40hostinger%2Ftrunk
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d89cf759-5e5f-43e2-90a9-a8e554653ee1?source=cve