Vulnerability allowing JavaScript code substitution via the OptinMonster WordPress add-on

A vulnerability (CVE-2021-39341) has been identified in the OptinMonster WordPress add-on, which has more than a million installations and is used to display pop-up notifications and offers. It allows an attacker to place their own JavaScript code on any site that uses the add-on. The vulnerability was fixed in release 2.6.5. To block access through keys captured before the update was installed, the OptinMonster developers revoked all previously issued API access keys and added restrictions on using WordPress site keys to modify OptinMonster campaigns.

The problem stems from the REST API endpoint /wp-json/omapp/v1/support, which could be reached without authentication: the request was processed without any further checks if the Referer header contained the string "https://wp.app.optinmonster.test" and the HTTP request method was set to "OPTIONS", which can be done with the "X-HTTP-Method-Override" HTTP header (the WordPress REST server honours that header, so an ordinary POST is seen by the permission callback as OPTIONS). Both values are fully under the client's control, so the check granted access to anyone. Among the data returned by this endpoint is an access key that allows requests to be sent to any other REST API handler of the add-on.

Using the obtained key, an attacker could modify any block displayed via OptinMonster, including arranging for the execution of their own JavaScript code. Once able to run JavaScript in the context of the site, the attacker could redirect visitors to their own site, or create a substitute privileged account through the web interface when the site administrator's browser executes the planted JavaScript. Having gained access to the administrative web interface, the attacker could then achieve execution of their own PHP code on the server.
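An added example, not code from this page or from OptinMonster: a small Python model of the access check described above and of the key-leak chain it enables. The Request class, the two can_access variants, the placeholder site key and the campaign handler are assumptions made for the illustration; only the Referer string, the OPTIONS method, the X-HTTP-Method-Override header and the fact that the support endpoint returns a key come from the text.

```python
"""
Model of a permission callback that trusts client-controlled headers
(the pre-2.6.5 pattern described in the article) beside a hardened one,
and of the chain from the leaked key to a campaign change.
All names here are chosen for the example and are not OptinMonster's.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Referer string the advisory says the vulnerable check looked for.
TRUSTED_REFERER = "https://wp.app.optinmonster.test"

# Constructed placeholder standing in for the site's OptinMonster API key.
SITE_API_KEY = "constructed-site-key-000"


@dataclass
class Request:
    method: str                              # HTTP method on the wire
    headers: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)
    user_logged_in: bool = False             # WordPress has an authenticated user
    user_can_manage: bool = False            # e.g. manage_options capability

    def effective_method(self) -> str:
        # WordPress's REST server honours X-HTTP-Method-Override, so the method
        # a permission callback sees may differ from the wire method.
        return self.headers.get("X-HTTP-Method-Override", self.method).upper()


def vulnerable_can_access(req: Request) -> bool:
    """Model of the flawed check: an authenticated manager passes, and so does
    anyone whose Referer contains TRUSTED_REFERER and whose (possibly
    overridden) method is OPTIONS. Both header values are attacker-controlled."""
    if req.user_logged_in and req.user_can_manage:
        return True
    referer = req.headers.get("Referer", "")
    return TRUSTED_REFERER in referer and req.effective_method() == "OPTIONS"


def hardened_can_access(req: Request) -> bool:
    """Client-supplied headers never stand in for authentication: only an
    authenticated user with the right capability may read support data."""
    return req.user_logged_in and req.user_can_manage


def support_endpoint(req: Request, can_access) -> tuple[int, dict]:
    """Model of /wp-json/omapp/v1/support: the response carries the site key,
    so a permission bypass here leaks a credential for the other handlers."""
    if not can_access(req):
        return 401, {}
    return 200, {"apikey": SITE_API_KEY}


def campaign_endpoint(req: Request) -> tuple[int, str]:
    """Model (assumed for the example) of a key-authenticated handler that
    changes campaign output, i.e. the JavaScript the add-on injects into pages."""
    if req.params.get("key") != SITE_API_KEY:
        return 401, ""
    return 200, "campaign updated"


def anonymous_bypass_request() -> Request:
    """Constructed request an unauthenticated client could send: a plain POST
    plus the two headers the flawed check trusted. The substring match also
    accepts a Referer on an attacker-controlled host that merely contains it."""
    return Request(
        method="POST",
        headers={
            "Referer": TRUSTED_REFERER + ".attacker.example/",
            "X-HTTP-Method-Override": "OPTIONS",
        },
    )


def exploit_chain(can_access) -> int:
    """Status the campaign handler returns to an anonymous attacker who first
    tries to harvest the site key through the support endpoint."""
    status, body = support_endpoint(anonymous_bypass_request(), can_access)
    if status != 200:
        return status
    follow_up = Request(method="POST", params={"key": body["apikey"]})
    return campaign_endpoint(follow_up)[0]


if __name__ == "__main__":
    print("vulnerable chain:", exploit_chain(vulnerable_can_access))  # 200
    print("hardened chain:", exploit_chain(hardened_can_access))      # 401
```

Running the block shows the anonymous request reaching the campaign handler under the flawed check and being rejected at the first step under the hardened one. The hardened callback states the general rule: a REST permission callback decides on the authenticated user and their capability, never on a Referer, a method override or any other value the client sets.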

source: budenet.ru
