Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in SiteGround Optimizer 5.0.13

  • Severity: critical
  • Status: Fixed
  • Publication: March 14, 2019

The SiteGround Optimizer plugin for WordPress has a security vulnerability that could give attackers access to private and sensitive data or the ability to execute code on the server. This affects versions up to and including 5.0.12. The vulnerability occurs when an incorrect access control attribute is used on the switch_php function which is called via the /switch-php REST API route. This allows attackers to include and execute any file on the server, including those with PHP code. This could be used to bypass security and gain access to the server.

Detected in:

SiteGround Optimizer fixed vulnerable versions: >= * < 5.0.13
Speed Optimizer – The All-In-One Performance-Boosting Plugin fixed vulnerable versions:
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.