Vulnerability CVE-2024-7758 affects the Stylish Price List plugin, which is used in companies such as beauty salons, spas, restaurants, etc. This plugin allows users to create elegant price lists, helping to convert visitors into customers. However, this vulnerability opens up the possibility for attackers to inject malicious code into a website, leading to potential account hijacking or other serious security breaches.

CVECVE-2024-7132
PluginStylish Price List < 7.1.8
CriticalHigh
All Time156 464
Active installations4000+
Publicly PublishedSeptember 17, 2024
Last UpdatedSeptember 17, 2024
ResearcherArtyom Krugov
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7758/
https://wpscan.com/vulnerability/0bf39a29-a605-407b-9ab0-a82437d16153/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

July 1, 2024Plugin testing and vulnerability detection in the Stylish Price have been completed
July 1, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
September 17, 2024Registered CVE-2024-7758

Discovery of the Vulnerability

During security testing, a vulnerability was found in the Stylish Price List plugin for WordPress, which allows users to create customizable pricing tables with various features such as category tabs, search, and filter options. While the plugin provides a great user experience and customization, it lacks proper sanitization in certain parameters, particularly in the category names when adding a new pricing list. This loophole enables malicious users with contributor privileges or higher to inject HTML-encoded payloads, bypassing the XSS protection and potentially executing harmful JavaScript on the site..

Understanding of Stored XSS attack’s

Stored XSS, unlike reflected XSS, allows the malicious payload to be stored within the target server’s database and subsequently executed whenever the affected content is viewed by another user. In this context, contributors can add malicious scripts to the price list’s category names, causing them to execute whenever the price list is displayed. Stored XSS is particularly dangerous because the payload is persistent and can affect multiple users, including administrators who may unknowingly trigger the injected code.

Exploiting the Stored XSS Vulnerability

To exploit the CVE-2024-7758 vulnerability in the Stylish Price List plugin, attackers would need at least contributor-level access. Here’s how the exploitation would work:

POC:

  1. Navigate to the “Add New List” section of the plugin interface.
  2. Choose “Start From Scratch” to create a new pricing table.
  3. Insert an HTML-encoded XSS payload into the “Category Name” field, which will bypass the plugin’s sanitization efforts.
  4. The specific vulnerable parameters are category[1]name, where attackers can inject the payload to trigger the XSS.
  5. Once saved, the payload will be stored in the database and executed whenever the price list is viewed by users or administrators.
PoC payload: "&gt;&lt;script&gt;&lt;/script&gt;&lt;img src=x onerror=alert(document.domain)&gt;

____

This payload, when executed, will display an alert box showing the document’s domain, serving as proof that the XSS vulnerability has been successfully exploited.

Recommendations for Improved Security

To mitigate the risk posed by this vulnerability, users of the Stylish Price List plugin should implement the following security measures:

  1. Update the Plugin: Always ensure that the plugin is updated to the latest version, as the developers may release a patch to address this vulnerability.
  2. Sanitize User Inputs: Developers should implement proper input validation and sanitization for all fields, particularly those that allow HTML or special characters, to prevent malicious code from being injected.
  3. Limit User Roles: Restrict the privileges of contributors and other non-admin users to limit their ability to inject potentially harmful scripts into the website.
  4. Use a Web Application Firewall (WAF): A WAF can provide an additional layer of protection by filtering out malicious requests before they reach the website.
  5. Regular Security Audits: Regularly review the security of your WordPress installation and plugins to detect and patch any vulnerabilities before they can be exploited.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-7758, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #Vulnerability

Use CleanTalk solutions to improve the security of your website

ARTYOM K.
CVE-2024-7758 – Stylish Price List – Stored XSS(Contributor+) – POC

Leave a Reply

Your email address will not be published. Required fields are marked *