WordPress plugins enhance website functionality, but they can also introduce security vulnerabilities. One such vulnerability has been discovered in the SEOPress – On-site SEO plugin, affecting over 300,000 active installations. This vulnerability, identified as CVE-2024-4899, allows contributors to exploit a Stored XSS (Cross-Site Scripting) flaw, potentially leading to the creation of unauthorized admin accounts.

CVE: CVE-2024-4899
Plugin: SEOPress < 7.8
Critical: High
All Time: 12 340 358
Active installations: 300 000+
Publicly Published: June 9, 2024
Last Updated: June 9, 2024
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4899
https://wpscan.com/vulnerability/15346ae9-9a29-4968-a6a9-81d1116ac448/

Timeline

May 10, 2024: Plugin testing and vulnerability detection in SEOPress – On-site SEO have been completed
May 10, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
June 9, 2024: Registered CVE-2024-4899

Discovery of the Vulnerability

The vulnerability was discovered during routine security testing of the SEOPress plugin. The researcher found that contributors could inject malicious JavaScript code into the “SEO Title” field of a new post. Because the value is stored and rendered without escaping, the code executes whenever an admin views the post, potentially allowing attackers to create a new admin account.

Understanding Stored XSS attacks

XSS vulnerabilities occur when an application includes untrusted data in a web page without proper validation or escaping. In WordPress, such vulnerabilities are especially concerning because they can be used to hijack admin sessions, deface websites, or inject malicious scripts. Real-world examples include attacks on popular plugins like WP GDPR Compliance and Yoast SEO, which have previously faced similar vulnerabilities.

Exploiting the Stored XSS Vulnerability

To exploit the CVE-2024-4899 vulnerability, an attacker needs contributor access to the WordPress site. The steps to exploit are straightforward:

POC:

1) Create new Post

2) At the bottom of the page, put this text in the “SEO Title” field: ;<img src=x onerror=alert(1)><


The risk posed by this vulnerability is significant, especially for sites with multiple contributors. Attackers can leverage this flaw to escalate privileges, gain full control of the website, and potentially distribute malware to site visitors. In a real-world scenario, this could lead to severe consequences, such as data breaches, defacement, and loss of user trust.

Recommendations for Improved Security

To mitigate this vulnerability and enhance overall security, the following measures are recommended:

  1. Update the Plugin: Ensure that the SEOPress plugin is updated to the latest version, where the vulnerability is patched.
  2. Limit Contributor Permissions: Restrict the permissions of contributor roles to minimize the risk of such attacks.
  3. Implement Input Validation: Use input validation and sanitization techniques to prevent the injection of malicious scripts.
  4. Regular Security Audits: Conduct regular security audits of all plugins and themes to identify and fix vulnerabilities promptly.
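The following PHP is an added illustration, not code from SEOPress or from the advisory's author. It shows the sink described above (a post-level "SEO Title" meta field echoed back into the admin editor without escaping) next to the hardened form that recommendation 3 calls for: a capability check and nonce on save, `sanitize_text_field()` on input, and context-appropriate escaping (`esc_attr()`, `esc_html()`) on every output. The meta key `_demo_seo_title`, the nonce action `demo_seo_title_save`, and all `demo_*` function names are hypothetical; the WordPress API functions are real.

```php
<?php
/**
 * Added illustration (not SEOPress code): a custom "SEO Title" meta field
 * as a stored XSS sink, and the same field hardened.
 *
 * Hypothetical names: meta key `_demo_seo_title`, nonce action
 * `demo_seo_title_save`, and every demo_* function below.
 */

// --- VULNERABLE PATTERN -------------------------------------------------
// The stored value is concatenated straight into the meta box markup. A value
// such as <img src=x onerror=alert(1)> is parsed as HTML, so its handler runs
// in the browser of whichever user (including an administrator) opens the post.
function demo_render_seo_title_box_vulnerable( WP_Post $post ) {
    $title = get_post_meta( $post->ID, '_demo_seo_title', true );
    echo '<label for="demo_seo_title">SEO Title</label>';
    echo '<input type="text" id="demo_seo_title" name="demo_seo_title" value="' . $title . '">';
}

// The save path stores whatever the request carries: no nonce, no capability
// check, no sanitization. Any user who can reach the editor can plant the value.
function demo_save_seo_title_vulnerable( $post_id ) {
    if ( isset( $_POST['demo_seo_title'] ) ) {
        update_post_meta( $post_id, '_demo_seo_title', $_POST['demo_seo_title'] );
    }
}

// --- HARDENED PATTERN ---------------------------------------------------
// Output: escape for the exact context the value lands in. esc_attr() inside
// an attribute, esc_html() between tags. Escaping at output is what stops a
// stored payload from being parsed as markup, however it got into the database.
function demo_render_seo_title_box( WP_Post $post ) {
    $title = get_post_meta( $post->ID, '_demo_seo_title', true );
    wp_nonce_field( 'demo_seo_title_save', 'demo_seo_title_nonce' );
    echo '<label for="demo_seo_title">' . esc_html__( 'SEO Title', 'demo' ) . '</label>';
    echo '<input type="text" id="demo_seo_title" name="demo_seo_title" value="' . esc_attr( $title ) . '">';
}

// Input: verify the nonce, confirm this user may edit this post, then strip
// tags and control characters before storing. Sanitizing on save is defence
// in depth; the output escaping above is still required.
function demo_save_seo_title( $post_id ) {
    if ( ! isset( $_POST['demo_seo_title_nonce'] )
        || ! wp_verify_nonce( $_POST['demo_seo_title_nonce'], 'demo_seo_title_save' ) ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    if ( isset( $_POST['demo_seo_title'] ) ) {
        $clean = sanitize_text_field( wp_unslash( $_POST['demo_seo_title'] ) );
        update_post_meta( $post_id, '_demo_seo_title', $clean );
    }
}

// Front end: pre_get_document_title short-circuits wp_get_document_title(),
// which means WordPress does not escape a title returned from this filter.
// The stored string is untrusted wherever it is used, so escape it here too.
function demo_filter_document_title( $title ) {
    if ( is_singular() ) {
        $seo = get_post_meta( get_queried_object_id(), '_demo_seo_title', true );
        if ( '' !== $seo ) {
            return esc_html( $seo );
        }
    }
    return $title;
}

add_action( 'add_meta_boxes', function () {
    add_meta_box( 'demo_seo_title', 'SEO', 'demo_render_seo_title_box', 'post', 'normal' );
} );
add_action( 'save_post', 'demo_save_seo_title' );
add_filter( 'pre_get_document_title', 'demo_filter_document_title' );
```

With the hardened version, the PoC string from the advisory is stored as plain text and rendered literally in both the editor and the page `<title>`, so no handler runs for the administrator who opens the post. Note that sanitization on save alone would not have been enough: a record written before the fix, or through any other path, still reaches the output, which is why the escaping at every sink is the part of the fix that closes the vulnerability.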

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-4899, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability


DMITRII I.
CVE-2024-4899 – SEOPress – On-site SEO – Stored XSS to Admin Account Creation (Contributor+) – POC
