Overview
The cybersecurity community is constantly dealing with evolving threats and vulnerabilities, and CVE-2020-36852 is one such recent discovery. This vulnerability affects the Custom Searchable Data Entry System plugin for WordPress, a popular content management system used by millions of websites worldwide. What makes this vulnerability particularly dangerous is its potential for unauthenticated database wiping, which could lead to severe data loss or even a complete system compromise.
An unauthenticated attacker could leverage this vulnerability to wipe out entire database tables, including critical ones like wp_users. As such, it’s imperative for users and system administrators of the affected WordPress plugin to understand the severity of this vulnerability, its potential impact, and the necessary steps to mitigate the risks associated with it.
Vulnerability Summary
CVE ID: CVE-2020-36852
Severity: Critical (CVSS score 9.1)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Unauthenticated database wiping leading to potential system compromise or data leakage
Affected Products
Escape the Surveillance Era
Most apps won’t tell you the truth.
They’re part of the problem.
Phone numbers. Emails. Profiles. Logs.
It’s all fuel for surveillance.
Ameeba Chat gives you a way out.
- • No phone number
- • No email
- • No personal info
- • Anonymous aliases
- • End-to-end encrypted
Chat without a trace.
Product | Affected Versions
Custom Searchable Data Entry System Plugin for WordPress | Up to and including 1.7.1
How the Exploit Works
The vulnerability stems from the lack of sufficient validation and a missing capability check on the ghazale_sds_delete_entries_table_row() function in the Custom Searchable Data Entry System plugin for WordPress. This oversight makes it possible for unauthenticated attackers to send a malicious payload that triggers the function and wipes database tables. The wp_users table, which contains crucial user information, can be completely wiped, potentially leading to a full system compromise.
Conceptual Example Code
Below is a conceptual example of a malicious HTTP request that could exploit this vulnerability:
POST /wp-content/plugins/custom-searchable-data-entry-system/ghazale_sds_delete_entries_table_row HTTP/1.1
Host: target.example.com
Content-Type: application/x-www-form-urlencoded
table=wp_users&id=*This example is a simple HTTP POST request that targets the vulnerable function. The ‘table’ parameter is set to ‘wp_users’ and ‘id’ parameter to ‘*’, indicating that all entries in the ‘wp_users’ table should be deleted.
Mitigation
Users of the affected plugin are advised to apply the vendor patch immediately, which fixes the vulnerability by adding the missing capability check and proper validation to the ghazale_sds_delete_entries_table_row() function. In the absence of a patch, users can employ temporary mitigation strategies such as using a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) to block malicious requests targeting the vulnerability.
