Detectify security updates for 29 April

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner on 29 April 2020.

CVE-2020-11514: WordPress seo-by-rank-math Privilege Escalation

Rank Math is a WordPress SEO plugin with over 200,000 installations. Most recently, a critical RCE vulnerability was discovered that allowed an unauthenticated attacker to update arbitrary metadata, which includes the ability to grant or revoke administrative privileges for any registered user on the site.

A more detailed code analysis on the vulnerability can be found here:
https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/

Atlassian Confluence Knowledge Base Exposure

There have been numerous write-ups on the exposure of internal company documentation and web pages. As more and more companies are migrating online due to COVID-19, this issue is becoming more prevalent. Most recently, Crowdsource has implemented a module that checks Atlassian Confluence instances for the public exposure of their internal wikis.

CVE-2020-11455: LimeSurvey Path Traversal

LimeSurvey is a free and open-source online survey tool. Recently, it was found that a path traversal vulnerability was found in the software that would allow an attacker to read sensitive data from the server.