Researchers raise alarm about malicious WordPress plugin Total Donations

According to a recent post by researchers on the Wordfence Threat Intelligence team, there are serious concerns about a popular plugin used on WordPress sites. The plugin is Total Donations, and according to the researchers, multiple zero-day vulnerabilities threaten site owners who use it. The vulnerabilities are tracked as CVE-2019-6703, and the threat report explains the danger as follows:

Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.

Researchers uncovered the vulnerabilities after their analysis turned up certain queries from attackers. As the researchers explain it, the way the query strings appeared in the access data showed obvious malicious activity. According to the Wordfence post, the researchers contacted the developers of Total Donations (Calmar Webmedia) numerous times. Despite Wordfence’s efforts to warn the developers, all forms of communication were completely ignored, and the website that Calmar Webmedia uses appears to be abandoned.

For this reason, Wordfence researchers believe that there is no hope for a patch and that site administrators who use the plugin should delete it. Their reasoning relates to how the “the-ajax-caller.php” script will execute any AJAX function that is passed to it, regardless of whether Total Donations is active, so deactivating the plugin without deleting it leaves the script reachable. Additionally, they state that this situation can be “used to call any arbitrary function, regardless of whether it’s associated with the Total Donations plugin at all, posing additional security risks on its own.”
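For site owners who want to check their own access logs for the two request patterns named above (the miglaA_update_me action on admin-ajax.php and any hit on the-ajax-caller.php), here is a small log scanner. It is an added example, not code from Wordfence or the plugin; it assumes combined-format access logs, and the sample lines, IP addresses and the PLUGIN_DIR placeholder are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

AJAX_ACTION = "miglaA_update_me"        # action named in the CVE text
CALLER_SCRIPT = "the-ajax-caller.php"   # script named in the Wordfence quote

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(target):
    """Return a finding label for a request target, or None if it looks unrelated."""
    parts = urlsplit(target)
    path = parts.path.lower()
    if path.rsplit("/", 1)[-1] == CALLER_SCRIPT:
        return "the-ajax-caller.php request"
    if path.endswith("/wp-admin/admin-ajax.php"):
        # parse_qs percent-decodes, so an encoded action name is still matched
        actions = parse_qs(parts.query).get("action", [])
        if AJAX_ACTION in (a.strip() for a in actions):
            return "miglaA_update_me via admin-ajax.php"
    return None

def scan(lines):
    """Map source IP -> list of (finding, HTTP status) for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        finding = classify(m.group("target"))
        if finding:
            hits[m.group("ip")].append((finding, int(m.group("status"))))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, placeholder plugin directory)
SAMPLE = [
    '203.0.113.7 - - [01/Feb/2019:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=miglaA_update_me HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Feb/2019:10:00:05 +0000] "POST /wp-content/plugins/PLUGIN_DIR/the-ajax-caller.php HTTP/1.1" 200 0',
    '198.51.100.23 - - [01/Feb/2019:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=%6DiglaA_update_me HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Feb/2019:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40',
    '192.0.2.10 - - [01/Feb/2019:10:03:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, findings in scan(SAMPLE).items():
        for finding, status in findings:
            print(f"{ip}\t{status}\t{finding}")
```

Access logs record only the request line, so a POST that carries the action in its body will not match; treat an empty result as inconclusive.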

Wordfence stated toward the end of their report that they will continue to monitor any malicious activity associated with these zero-days and will keep users aware of any new developments.

Featured image: Max Pixel

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
