In the world of web development and content management, security remains a critical concern, especially for platforms like WordPress, which power millions of websites globally. Recently, a significant vulnerability has been discovered in the Social Media Widget plugin for WordPress, identified as CVE-2024-0974. This vulnerability allows an attacker to execute Stored Cross-Site Scripting (XSS) attacks, which can ultimately lead to a complete account takeover and backdoor creation. With over 40,000 installations, this vulnerability poses a substantial risk to countless websites and their administrators.

CVECVE-2024-0974
PluginSocial Media Widget < 4.0.9
CriticalHigh
All Time2 462 326
Active installations40 000+
Publicly PublishedJune 9, 2024
Last UpdatedJune 9, 2024
ResearcherDmtirii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0974
https://wpscan.com/vulnerability/7f8e5e63-a928-443e-9771-8b3f51f5eb9e/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

January 25, 2024Plugin testing and vulnerability detection in the Social Media Widget have been completed
January 25, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
June 9, 2024Registered CVE-2024-0974

Discovery of the Vulnerability

The vulnerability in the Social Media Widget plugin was uncovered during routine security testing. This plugin is widely used by WordPress site owners to display social media icons and links on their websites. However, it was found that by exploiting the VK URL field, an attacker could inject malicious JavaScript code. When an editor or admin interacts with this malicious widget, the script executes, potentially leading to severe security breaches.

Understanding of Stored XSS attack’s

Cross-Site Scripting (XSS) is a type of security vulnerability typically found in web applications. It allows attackers to inject malicious scripts into content that other users view. In WordPress, XSS vulnerabilities often arise from insufficient input validation and sanitization. Real-world examples of XSS attacks include data theft, session hijacking, and redirection to malicious websites. For instance, an attacker might inject a script to steal cookies or execute unauthorized actions on behalf of a logged-in user.

Exploiting the Stored XSS Vulnerability

To exploit this vulnerability, an attacker needs to follow these steps:

POC:

When creating a new widget, insert the following payload in the “VK URL” field 123″ onmouseover=’alert(/XSS/)’ -> Save Settings (Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles)

____

The potential risks associated with this vulnerability are significant. An attacker exploiting this flaw could take over administrative accounts, leading to unauthorized access to sensitive data, site defacement, or even the complete compromise of the website. In real-world scenarios, this could translate to data breaches affecting thousands of users, loss of customer trust, and substantial financial damage. For instance, an e-commerce site using the vulnerable plugin could see customer data, including payment information, exposed.

Recommendations for Improved Security

To mitigate the risk posed by this vulnerability, it is crucial for website administrators to take immediate action. Firstly, update the Social Media Widget plugin to the latest version where this issue is patched. Additionally, it is advisable to review and restrict user permissions, ensuring that only trusted users have editor or admin access. Implementing a Web Application Firewall (WAF) can also help block malicious requests. Regular security audits and the use of security plugins can further enhance the overall security posture of a WordPress site.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-0974, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.
CVE-2024-0974 – Social Media Widget – Stored XSS to backdoor creation – POC

Create your CleanTalk account



By signing up, you agree with license. Have an account? Log in.


Leave a Reply

Your email address will not be published. Required fields are marked *