YellowPencil’s Privilege Escalation Vulnerability leaves more than 30,000 Sites Prone to Hacking

YellowPencil is a popular WordPress plugin used for visual style editing, and the news is that sites running it are being hacked. The plugin was found to contain a vulnerability that allows attackers to update arbitrary options on any vulnerable website. It was removed from the repository on Monday after this privilege escalation bug was discovered.

Many webmasters who had YellowPencil installed have had their WordPress websites hacked through exactly this vulnerability. The plugin has an install base of more than 30,000 websites. Any site with YellowPencil installed can be compromised, and the attackers gain the ability to change the URL and homepage of the site.

They could also perform an unauthenticated SQL injection. Since the number of downloads exceeds 30,000, many sites are vulnerable to attack. The plugin has therefore been removed from the WordPress repository and is no longer available for download.

According to researchers, “The first flaw that enables this attack is present in the yellow-pencil.php file within the plugin. The yp_remote_get_first() function is called on every page load and checks if a specific request parameter (yp_remote_get) has been set. If it has, the plugin escalates privileges to that of an administrator for the remainder of the request.”

Thus, whenever this parameter is present in a request, the plugin lets the attacker act as an administrator for that request and take actions on the website. However, this is not the whole picture: according to researchers, the YellowPencil plugin hack is part of a larger campaign run by the same attacking group.
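As an added illustration for site owners (not code from the original article or from the plugin's authors), the script below scans web-server access logs in the common combined format for requests whose query string carries the `yp_remote_get` parameter described above, which an ordinary visitor has no reason to send. The log lines are constructed samples, and the script assumes the parameter travels in the URL; a copy sent in a POST body would not appear in a standard access log, so a clean result here does not prove a site was never probed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [15/Apr/2019:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Apr/2019:10:01:09 +0000] "GET /?yp_remote_get=1 HTTP/1.1" 200 2048 "-" "python-requests/2.21.0"
198.51.100.7 - - [15/Apr/2019:10:01:10 +0000] "POST /wp-admin/options.php?yp_remote_get=1 HTTP/1.1" 302 0 "-" "python-requests/2.21.0"
203.0.113.9 - - [15/Apr/2019:10:02:00 +0000] "GET /blog/post?utm_source=newsletter HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

# Combined log format: client, identity, user, [timestamp], "request", status, bytes, "referer", "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Request parameter named in the researchers' description of the flaw.
SUSPICIOUS_PARAM = "yp_remote_get"

def find_privilege_escalation_attempts(log_text):
    """Return one dict per request whose query string carries yp_remote_get.

    Only the query string is inspected: a parameter sent in a POST body is not
    recorded in a standard access log, so absence here is not proof of absence."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parsed = urlsplit(m.group("target"))
        query = parse_qs(parsed.query, keep_blank_values=True)
        if SUSPICIOUS_PARAM in query:
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "method": m.group("method"),
                "path": parsed.path,
                "status": int(m.group("status")),
                "user_agent": m.group("ua"),
            })
    return hits

if __name__ == "__main__":
    for hit in find_privilege_escalation_attempts(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["method"]} {hit["path"]} -> {hit["status"]} ({hit["user_agent"]})')
```

Any hit is worth treating as an indicator that the site's options (in particular the site URL and homepage settings) should be reviewed, whether or not the plugin has since been updated.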

The developers have fixed the vulnerability in a new release of YellowPencil. To keep your website out of an attacker's hands, update the plugin to the latest version. Here's a snapshot from their Facebook page. If you are using the YellowPencil plugin, please don't forget to update; all older versions of YellowPencil are currently at risk.