Vulnerability CVE-2024-7758 affects the Stylish Price List plugin, which is used by businesses such as beauty salons, spas and restaurants. The plugin lets users create elegant price lists that help convert visitors into customers. However, this vulnerability makes it possible for attackers to inject malicious code into a website, which can lead to account hijacking or other serious security breaches.

CVE: CVE-2024-7132
Plugin: Stylish Price List < 7.1.8
Critical: High
All Time: 156 464
Active installations: 4000+
Publicly Published: September 17, 2024
Last Updated: September 17, 2024
Researcher: Artyom Krugov
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7758/
https://wpscan.com/vulnerability/0bf39a29-a605-407b-9ab0-a82437d16153/

Timeline

July 1, 2024: Plugin testing and vulnerability detection in the Stylish Price List have been completed
July 1, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
September 17, 2024: Registered CVE-2024-7758

Discovery of the Vulnerability

During security testing, a vulnerability was found in the Stylish Price List plugin for WordPress, which allows users to create customizable pricing tables with features such as category tabs, search, and filter options. While the plugin provides a good user experience and customization, it lacks proper sanitization of certain parameters, particularly the category names entered when adding a new pricing list. This gap enables malicious users with contributor privileges or higher to inject HTML-encoded payloads that bypass the plugin's XSS protection and can execute harmful JavaScript on the site.

Understanding Stored XSS attacks

Stored XSS, unlike reflected XSS, allows the malicious payload to be stored within the target server’s database and subsequently executed whenever the affected content is viewed by another user. In this context, contributors can add malicious scripts to the price list’s category names, causing them to execute whenever the price list is displayed. Stored XSS is particularly dangerous because the payload is persistent and can affect multiple users, including administrators who may unknowingly trigger the injected code.

Exploiting the Stored XSS Vulnerability

To exploit the CVE-2024-7758 vulnerability in the Stylish Price List plugin, attackers would need at least contributor-level access. Here’s how the exploitation would work:

POC:

  1. Navigate to the “Add New List” section of the plugin interface.
  2. Choose “Start From Scratch” to create a new pricing table.
  3. Insert an HTML-encoded XSS payload into the “Category Name” field, which will bypass the plugin’s sanitization efforts.
  4. The specific vulnerable parameter is category[1]name, into which the payload is injected to trigger the XSS.
  5. Once saved, the payload will be stored in the database and executed whenever the price list is viewed by users or administrators.
PoC payload: "&gt;&lt;script&gt;&lt;/script&gt;&lt;img src=x onerror=alert(document.domain)&gt;


This payload, when executed, will display an alert box showing the document’s domain, serving as proof that the XSS vulnerability has been successfully exploited.

Recommendations for Improved Security

To mitigate the risk posed by this vulnerability, users of the Stylish Price List plugin should implement the following security measures:

  1. Update the Plugin: Always ensure that the plugin is updated to the latest version, as the developers may release a patch to address this vulnerability.
  2. Sanitize User Inputs: Developers should implement proper input validation and sanitization for all fields, particularly those that allow HTML or special characters, to prevent malicious code from being injected.
  3. Limit User Roles: Restrict the privileges of contributors and other non-admin users to limit their ability to inject potentially harmful scripts into the website.
  4. Use a Web Application Firewall (WAF): A WAF can provide an additional layer of protection by filtering out malicious requests before they reach the website.
  5. Regular Security Audits: Regularly review the security of your WordPress installation and plugins to detect and patch any vulnerabilities before they can be exploited.
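The HTML-encoding bypass described above, and the normalize-then-escape handling behind recommendation 2, modelled in Python as an added example (this is not the plugin's code; the wrapper markup, the function names and the tag-stripping sanitizer are assumptions):

```python
"""Model of the entity-encoding bypass behind CVE-2024-7758 and of the fix.
Constructed illustration, not code from the Stylish Price List plugin: a
tag-stripping sanitizer that never decodes entities lets an entity-encoded
category name through; a template that decodes it on output makes it live.
"""
import html
import re

# Entity-encoded PoC payload quoted in the advisory.
POC_PAYLOAD = ('"&gt;&lt;script&gt;&lt;/script&gt;'
               '&lt;img src=x onerror=alert(document.domain)&gt;')
# Assumed wrapper markup for a rendered category name.
WRAP_OPEN, WRAP_CLOSE = "<span class='spl-category'>", "</span>"
TAG_RE = re.compile(r"<[^>]*>")

def naive_sanitize(value: str) -> str:
    """Strips literal tags only; entity-encoded markup passes untouched."""
    return TAG_RE.sub("", value)

def vulnerable_render(stored: str) -> str:
    """Unsafe template: decodes the stored name's entities into HTML."""
    return f"{WRAP_OPEN}{html.unescape(stored)}{WRAP_CLOSE}"

def normalize(value: str, max_rounds: int = 3) -> str:
    """Decode entities until stable so double-encoding cannot hide tags."""
    for _ in range(max_rounds):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value

def safe_store(value: str) -> str:
    """On save: normalize first, then strip tags."""
    return naive_sanitize(normalize(value))

def safe_render(stored: str) -> str:
    """On output: escape, never decode (what WordPress esc_html() does)."""
    return f"{WRAP_OPEN}{html.escape(stored, quote=True)}{WRAP_CLOSE}"

def has_injected_tag(rendered: str) -> bool:
    """Detection check: any tag inside the wrapper came from user data."""
    inner = rendered[len(WRAP_OPEN):-len(WRAP_CLOSE)]
    return TAG_RE.search(inner) is not None
```

Feeding the advisory's payload through naive_sanitize and vulnerable_render leaves a live img/onerror tag in the output, while safe_store followed by safe_render reduces the same input to the inert text `&quot;&gt;`.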

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-7758, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #Vulnerability

ARTYOM K.
CVE-2024-7758 – Stylish Price List – Stored XSS (Contributor+) – POC
