CVE-2024-8617 identifies a stored XSS vulnerability in the popular QuizMaker plugin for WordPress, which lets users create quizzes with different types of questions. Although the plugin offers extensive functionality for building quizzes, it also contains a security flaw that could allow attackers to inject malicious code, potentially leading to the creation of a backdoor and unauthorized access to the website.
| Field | Value |
| --- | --- |
| CVE | CVE-2024-7132 |
| Plugin | Quiz Maker < 6.5.9.8 |
| Critical | Low |
| All Time | 2 160 163 |
| Active installations | 20 000+ |
| Publicly Published | September 17, 2024 |
| Last Updated | September 17, 2024 |
| Researcher | Artyom Krugov |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8617/ ; https://wpscan.com/vulnerability/ba6b6b82-6f21-45ff-bd64-685ea8ae1b82/ |
| Plugin Security Certification by CleanTalk | |
Timeline
| Date | Event |
| --- | --- |
| July 24, 2024 | Plugin testing and vulnerability detection in Quiz Maker were completed |
| July 24, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| September 17, 2024 | Registered CVE-2024-8617 |
Discovery of the Vulnerability
During a routine security assessment of the Quiz Maker plugin, a vulnerability was discovered in the handling of input fields related to quiz parameters. While the plugin provides a comprehensive range of features such as radio buttons, checkboxes, dropdowns, and text fields for quiz creation, certain parameters were found to be vulnerable to stored XSS attacks. Specifically, parameters like `ays_mobile_max_width`, `ays_quiz_border_radius`, `ays_quiz_border_width`, and `ays_image_height` were improperly sanitized, allowing attackers to inject malicious scripts that would persist in the system.
Understanding Stored XSS Attacks
Stored XSS (or persistent XSS) differs from other XSS types in that the malicious payload is saved on the server and later executed in the browser of any user who views the affected content. This makes stored XSS particularly dangerous, as it can affect multiple users and persist across multiple sessions. In the case of Quiz Maker, an attacker can inject a script into a quiz parameter field that, once saved, will execute whenever someone, including administrators, interacts with the quiz.
Exploiting the Stored XSS Vulnerability
Exploiting the CVE-2024-8617 vulnerability involves injecting a malicious payload into one of the vulnerable quiz parameter fields:
PoC:
- Navigate to the Quiz Maker plugin’s control panel.
- Click on the “Quizzes” tab and create a new quiz.
- In the quiz settings, locate the vulnerable parameters such as `ays_mobile_max_width`, `ays_quiz_border_radius`, `ays_quiz_border_width`, or `ays_image_height`.
- Insert a malicious XSS payload into one of these fields.
PoC payload: `333"asdasd='+onmouseover=alert(777)+tet='+//`
This payload could be injected into the `ays_quiz_border_radius` field. Once saved, the payload is stored in the database, and when an administrator or any other user interacts with the quiz, the script is triggered. In this case, the `onmouseover` event would cause an alert box to display 777. However, this could easily be modified to include more harmful actions, such as executing a backdoor.
Recommendations for Improved Security
To mitigate the risk posed by this vulnerability, users of the Stylish Price List plugin should implement the following security measures:
- Update the Plugin: Always ensure that the plugin is updated to the latest version, as the developers may release a patch to address this vulnerability.
- Sanitize User Inputs: Developers should implement proper input validation and sanitization for all fields, particularly those that allow HTML or special characters, to prevent malicious code from being injected.
- Limit User Roles: Restrict the privileges of contributors and other non-admin users to limit their ability to inject potentially harmful scripts into the website.
- Use a Web Application Firewall (WAF): A WAF can provide an additional layer of protection by filtering out malicious requests before they reach the website.
- Regular Security Audits: Regularly review the security of your WordPress installation and plugins to detect and patch any vulnerabilities before they can be exploited.
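The "Sanitize User Inputs" recommendation applied to the four parameters named in this advisory, as an added example that is not the plugin's code: each setting is a CSS pixel size, so the fix is allow-list validation to a bounded non-negative integer on input plus attribute escaping on output, and the same validator doubles as an audit over already stored settings. The parameter-to-CSS-property mapping, the upper bound and the sample rows are assumptions for this example.

```python
import html
import re

# The four Quiz Maker settings named in the advisory. Each is a CSS pixel
# size, so a well-formed value is a non-negative integer and nothing else.
# The CSS property mapping is assumed for this example.
PIXEL_PARAMS = {
    "ays_mobile_max_width": "max-width",
    "ays_quiz_border_radius": "border-radius",
    "ays_quiz_border_width": "border-width",
    "ays_image_height": "height",
}
MAX_PIXELS = 10000  # assumed upper bound for this example
_INT_RE = re.compile(r"\d{1,5}")

def sanitize_pixel_param(name, raw):
    """Allow-list validation: return the integer, or None when the input is
    anything other than a plain non-negative integer within bounds."""
    if name not in PIXEL_PARAMS:
        raise KeyError(f"unknown pixel parameter: {name}")
    value = str(raw).strip()
    if not _INT_RE.fullmatch(value):
        return None
    number = int(value)
    return number if number <= MAX_PIXELS else None

def render_style_attr(name, raw, default=0):
    """Build the inline style attribute the quiz markup carries. Validate on
    input, then escape on output too, so a quote can never end the attribute."""
    value = sanitize_pixel_param(name, raw)
    if value is None:
        value = default
    css = f"{PIXEL_PARAMS[name]}:{value}px"
    return f'style="{html.escape(css, quote=True)}"'

def audit_stored_settings(rows):
    """Defender-side check over stored settings given as (quiz_id, name, value)
    tuples exported from the database: return rows that fail validation."""
    return [(q, n, v) for q, n, v in rows
            if n in PIXEL_PARAMS and sanitize_pixel_param(n, v) is None]

# Constructed sample rows, including the advisory's PoC payload on quiz 2.
SAMPLE_ROWS = [
    (1, "ays_quiz_border_radius", "12"),
    (2, "ays_quiz_border_radius", "333\"asdasd='+onmouseover=alert(777)+tet='+//"),
    (2, "ays_image_height", "300"),
]
```

Running `audit_stored_settings(SAMPLE_ROWS)` over a real export of the plugin's settings is a quick way to check whether a payload like the one above is already stored on a site.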
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-8617, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
ARTYOM K.