WordPress Solid Security Information Disclosure Scanner

WordPress Solid Security, formerly known as iThemes Security, is a widely used plugin designed to enhance the security of WordPress websites. It is employed by webmasters, developers, and site administrators to protect against various threats and vulnerabilities. The plugin offers a suite of features such as two-factor authentication, brute force protection, and activity monitoring. Its user-friendly interface and comprehensive protection capabilities make it a popular choice for securing WordPress sites. Organizations rely on this plugin to mitigate risks and safeguard sensitive information. Keeping WordPress installations secure is paramount, and Solid Security is a valuable tool in this endeavor.

The vulnerability detected in the WordPress Solid Security plugin pertains to information disclosure. Specifically, it involves the exposure of the secret login URL token through the HTML source when the Hide Backend feature is enabled and comments require user registration. This can potentially allow unauthorized individuals to discover the secret login page. By exploiting this information, an attacker could gain unauthorized access to a WordPress site. This vulnerability highlights the importance of safeguarding sensitive tokens in web applications. The risk is particularly elevated for sites with high visibility or valuable content.

The technical details of this vulnerability involve the itsec-hb-token parameter, which is leaked in comment form login links. The issue arises when a WordPress site with Solid Security plugin enabled exposes this parameter in the body of HTML, allowing it to be extracted by analyzing the page source. This disclosure occurs when a user tries to post a comment on the site, inadvertently revealing critical information. Attackers could potentially use automated tools to scan for this parameter across multiple sites. It's crucial for WordPress site administrators to be aware of this risk and take corrective action immediately.

When this vulnerability is exploited, it can lead to unauthorized access to the admin login page, potentially allowing attackers to perform privileged actions. This could result in data breaches, defacement, or complete takeover of the WordPress site. Furthermore, exposing the login URL decreases the effectiveness of other security measures like IP restriction or rate limiting. It could also undermine user trust, especially if confidential information is compromised. Ensuring the login page's confidentiality is thus pivotal to preserving site integrity.

REFERENCES

• https://wordpress.org/plugins/better-wp-security/
• https://wpscan.com/vulnerability/b7201fc1-d825-484f-aca9-ba14a968179b/