CVE-2018-15877: WordPress plugin Plainview Activity Monitor RCE Vulnerability Alert

Recently, the WordPress plugin Plainview Activity Monitor was found to contain a remote command execution vulnerability.

CVE-2018-15877

Activity Monitor tracks all user activity on your blog or network. The activities can be viewed in a global table showing activity across the whole network, or locally for just the blog you are currently viewing. The activities can be filtered so that only specific blogs / hooks / IPs / users are displayed.

Description

A remote attacker could exploit the vulnerability by sending a crafted “ip” parameter to the URL “/wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools”. Successful exploitation requires a privileged account, but the vulnerable plugin version is also affected by CSRF and reflected XSS, so the three vulnerabilities can be chained: an administrator who is induced to click a malicious link ends up triggering remote command execution.
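As an added illustration (not part of the original advisory and not the plugin's own code), the following Python scans a web server access log for requests to the URL named above whose "ip" parameter is not a bare IP address literal, or which reach that admin page from an external Referer (the lure path the advisory describes). The sample log lines, the site host name `blog.example`, and all function and field names are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Request shape named in the advisory: the activity_tools tab of the plugin's
# admin page, with the "ip" parameter carried in the query string.
VULN_PAGE = "plainview_activity_monitor"
VULN_TAB = "activity_tools"

# Apache/nginx combined log format; the group names are our own.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic (RFC 5737 documentation addresses), not real logs.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Aug/2018:10:00:01 +0000] "GET /wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Aug/2018:10:00:09 +0000] "POST /wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools&ip=198.51.100.7 HTTP/1.1" 200 1400 "-" "Mozilla/5.0"
198.51.100.23 - - [27/Aug/2018:10:01:42 +0000] "GET /wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools&ip=198.51.100.7%3B+foo HTTP/1.1" 200 1400 "http://example.invalid/lure" "Mozilla/5.0"
198.51.100.23 - - [27/Aug/2018:10:02:00 +0000] "GET /wp-admin/admin.php?page=other_plugin&ip=1.2.3.4%3Bfoo HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def is_valid_ip(value: str) -> bool:
    """Strict allow-list check: the whole string must be one IPv4/IPv6 literal.

    This is also the validation a fixed handler should apply before the value
    reaches anything shell-like; anything else (separators, spaces) is rejected.
    """
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def targets_vulnerable_tab(target: str) -> bool:
    """True when the request URL is the admin tab named in the advisory."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return False
    q = parse_qs(parts.query)  # percent-decodes values, e.g. %3B -> ';'
    return q.get("page") == [VULN_PAGE] and q.get("tab") == [VULN_TAB]


def check_request(line: str, site_host: str):
    """Return a finding dict for a request to the vulnerable tab, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    if not targets_vulnerable_tab(target):
        return None
    q = parse_qs(urlsplit(target).query)
    reasons = []
    ip_values = q.get("ip", [])
    for v in ip_values:
        if not is_valid_ip(v):
            reasons.append(f"ip parameter is not an IP literal: {v!r}")
    # The CSRF lure arrives as a navigation from a page the site does not own.
    referer = m.group("referer")
    if referer != "-" and urlsplit(referer).hostname != site_host:
        reasons.append(f"admin page reached from external referer {referer!r}")
    return {
        "src": m.group("src"),
        "timestamp": m.group("ts"),
        "method": m.group("method"),
        "ip_param": ip_values,
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


def scan_log(text: str, site_host: str):
    """Collect only the suspicious requests to the vulnerable tab."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = check_request(line, site_host)
        if f and f["suspicious"]:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG, "blog.example"):
        print(f["timestamp"], f["src"], f["method"], "; ".join(f["reasons"]))
```

The same `is_valid_ip` allow-list is the check a patched handler wants server-side: accept only a parseable address, and pair it with WordPress's capability and nonce checks so that a link an administrator clicks cannot submit the request on their behalf.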

Affected version

  • Plainview Activity Monitor plugin version <= 20161228

Unaffected version

  • Plainview Activity Monitor plugin version 20180826

Solution

An official updated version of the plugin has been released to fix this vulnerability; affected users should update to it for protection.