In the ever-evolving landscape of cybersecurity, staying vigilant about potential vulnerabilities in widely-used plugins is crucial. Recently, a critical vulnerability, identified as CVE-2024-4900, was discovered in the SEOPress plugin for WordPress, which has over 300,000 active installations. This vulnerability allows an attacker to execute a malicious redirect by injecting code through a field meant for SEO settings, posing a significant risk to websites using this plugin.
| CVE | CVE-2024-4900 |
| Plugin | SEOPress < 7.8 |
| Critical | High |
| All Time | 12 340 358 |
| Active installations | 300 000+ |
| Publicly Published | June 9, 2024 |
| Last Updated | June 9, 2024 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A1: Injection |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4900 https://wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3/ |
| Plugin Security Certification by CleanTalk |  |
| Logo of the plugin |  |
Timeline
| May 10, 2024 | Plugin testing and vulnerability detection in the SEOPress – On-site SEO have been completed |
| May 10, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| June 9, 2024 | Registered CVE-2024-4900 |
Discovery of the Vulnerability
The vulnerability was uncovered during routine security testing of the SEOPress plugin. The issue lies in the “Facebook Title” field, which allows for the injection of malicious code. By exploiting this vulnerability, an attacker can create a redirect that sends users to a malicious site without their knowledge. The discovery of this flaw underscores the importance of regular security assessments and the need for developers to implement robust input validation mechanisms.
Understanding of Redirects attack’s
Redirection vulnerabilities in WordPress occur when an attacker can manipulate a URL to redirect users to an unintended destination. This can be particularly dangerous if the destination is a malicious site designed to steal personal information or spread malware. In the context of SEOPress, the vulnerability arises from improper handling of user input in the “Facebook Title” field, which can be exploited by users with Contributor-level permissions or higher.
Real-world examples of such vulnerabilities include cases where attackers have redirected users to phishing sites or sites laden with malware. These attacks not only compromise the affected websites but also damage the trust and reputation of the site owners.
Exploiting the Redirects Vulnerability
To exploit this vulnerability, an attacker needs Contributor-level access or higher. The proof of concept (POC) for this attack involves the following steps:
POC:
1) Create new Post
2) In bottom of the page put in “Facebook Title” field this text – (0;http://smth.me/” HTTP-EQUIV=”refresh” a=”a)
____
The risks associated with this vulnerability are significant. By exploiting this flaw, attackers can:
- Redirect users to phishing sites designed to steal credentials or personal information.
- Drive traffic to malicious websites that host malware, potentially compromising users’ devices.
- Damage the reputation of the affected websites, leading to a loss of user trust and potential financial losses.
In real-world scenarios, attackers could use this vulnerability to target high-traffic websites, amplifying the impact of their malicious activities. For instance, a popular blog using SEOPress could unknowingly redirect thousands of visitors to a phishing site, resulting in widespread data theft.
Recommendations for Improved Security
To mitigate the risks associated with CVE-2024-4900, the following recommendations should be implemented:
- Update the Plugin: Ensure that you are using the latest version of SEOPress, as the developers are likely to release a patch addressing this vulnerability.
- Input Validation: Developers should implement robust input validation to prevent the injection of malicious code in user fields.
- Access Controls: Limit the permissions of Contributor-level users and regularly review user roles and permissions.
- Security Audits: Conduct regular security audits and vulnerability assessments to identify and address potential security issues promptly.
- User Education: Educate users about the importance of security and the risks associated with vulnerabilities like this one.
By taking proactive measures to address Redirect vulnerabilities like CVE-2024-4900, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #Redirect #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
