During the evaluation of the Magee Shortcodes plugin, security researchers identified a critical vulnerability enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability permits malicious actors to execute arbitrary JavaScript code within the context of a victim’s browser when interacting with a compromised post containing specially crafted shortcodes.
Main info:
CVE | CVE-2023-4783 |
Plugin | Magee Shortcodes <= 2.1.1 |
Severity | High |
All Time | 383 035 |
Active installations | 9 000+ |
Publicly Published | September 21, 2023 |
Last Updated | September 21, 2023 |
Researcher | Dmitrii Ignatyev |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4783 https://wpscan.com/vulnerability/02928db8-ceb3-471a-b626-ca661d073e4f/ |
Plugin Security Certification by CleanTalk | |
Timeline
September 4, 2023 | Plugin testing and vulnerability detection in Magee Shortcodes has been completed |
September 4, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
September 12, 2023 | The plugin has been closed |
September 21, 2023 | Registered CVE-2023-4783 |
Discovery of the Vulnerability
In the process of testing the plugin, a vulnerability was found that allows a user with the Contributor role to perform Stored XSS by embedding the shortcode in a new post, which can lead to account takeover.
Understanding Stored XSS attacks
Stored XSS vulnerabilities occur when user-supplied data is stored on a website’s server and later displayed to other users without proper sanitization. In the case of WordPress, plugins often process user input to generate dynamic content such as posts or comments. Attackers can exploit this functionality by injecting malicious JavaScript code into posts or comments, which is then executed when other users view the affected content.
For example, in the Magee Shortcodes plugin, the vulnerable [ms_alert] shortcode allows contributors to embed custom alert messages in posts. By injecting JavaScript code into the shortcode attributes, an attacker can trigger arbitrary actions when unsuspecting users view the compromised content.
Exploiting the Stored XSS Vulnerability
POC:
[ms_alert icon="fa-exclamation-circle" background_color="#ffcc00" text_color="#ffffff" border_width="0" border_radius="0" box_shadow="no" dismissable="yes" class="" id='" onmouseover="alert(/XSS/)"']Warning! Better check yourself, you're not looking too good.[/ms_alert]
___
The impact of this vulnerability is severe, as it allows attackers to compromise the integrity and security of WordPress websites. In real-world scenarios, an attacker could exploit this vulnerability to steal sensitive user data, spread malware, deface websites, or perform other malicious actions.
Recommendations for Improved Security
To mitigate the risk posed by Stored XSS vulnerabilities, developers should implement proper input validation and output escaping in their plugins. WordPress administrators should also keep their plugins up to date and monitor for security advisories from plugin developers (in this case, removing the plugin is recommended because of the severity of the vulnerability). Additionally, users should exercise caution when interacting with user-generated content on websites and install security plugins that offer protection against XSS attacks.
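The following is an added example, not the plugin's own code, showing what the output-escaping recommendation above means for a shortcode handler like [ms_alert]: a simplified handler that concatenates attribute values straight into HTML (the pattern the PoC above abuses, since shortcode attributes are parsed at render time and are not covered by the post-content filtering applied to contributors) beside a hardened version that escapes every value for the context it lands in. The function names, the attribute set and the handler bodies are assumptions for illustration.

```php
<?php
// Added example (not the plugin's code): a minimal alert-style shortcode
// handler, unsafe version first, hardened version second. Attribute names
// mirror those used in the PoC; everything else is assumed.

// UNSAFE: attribute values go into the markup unescaped, so a value that
// closes the id attribute can append further attributes to the <div>.
function demo_alert_unsafe( $atts, $content = '' ) {
    $a = shortcode_atts( array(
        'id'               => '',
        'class'            => '',
        'background_color' => '#ffcc00',
        'text_color'       => '#ffffff',
    ), $atts, 'demo_alert_unsafe' );

    return '<div id="' . $a['id'] . '" class="ms-alert ' . $a['class'] . '"'
         . ' style="background-color:' . $a['background_color']
         . ';color:' . $a['text_color'] . '">' . $content . '</div>';
}

// Validate a CSS hex colour (#rgb or #rrggbb); fall back to a default otherwise.
function demo_hex_color_or( $value, $default ) {
    return preg_match( '/^#([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/', $value ) ? $value : $default;
}

// HARDENED: id/class are reduced to valid class-name characters, colours are
// validated against a strict pattern, every attribute is run through
// esc_attr(), and the inner content is limited to post-safe HTML.
function demo_alert_safe( $atts, $content = '' ) {
    $a = shortcode_atts( array(
        'id'               => '',
        'class'            => '',
        'background_color' => '#ffcc00',
        'text_color'       => '#ffffff',
    ), $atts, 'demo_alert_safe' );

    return sprintf(
        '<div id="%s" class="ms-alert %s" style="background-color:%s;color:%s">%s</div>',
        esc_attr( sanitize_html_class( $a['id'] ) ),
        esc_attr( sanitize_html_class( $a['class'] ) ),
        esc_attr( demo_hex_color_or( $a['background_color'], '#ffcc00' ) ),
        esc_attr( demo_hex_color_or( $a['text_color'], '#ffffff' ) ),
        wp_kses_post( do_shortcode( $content ) )
    );
}

add_shortcode( 'demo_alert_unsafe', 'demo_alert_unsafe' );
add_shortcode( 'demo_alert_safe', 'demo_alert_safe' );
```

With the hardened handler, the id value from the PoC is stripped down to a plain class-name token and the quote and event handler never reach the markup.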
DMITRII I.