The digital landscape of WordPress is vast, hosting millions of websites that utilize a variety of plugins to enhance functionality and user experience. However, this extensive use also introduces numerous security risks, one of which has recently been uncovered in the Ditty plugin. Identified as CVE-2024-5575, this vulnerability impacts over 40,000 installations, potentially allowing attackers to execute stored Cross-Site Scripting (XSS) attacks to create admin accounts.
| CVE | CVE-2024-5575 |
| Plugin | Ditty < 3.1.43 |
| Critical | High |
| All Time | 2 891 292 |
| Active installations | 40 000+ |
| Publicly Published | June 27, 2024 |
| Last Updated | June 27, 2024 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5575 https://wpscan.com/vulnerability/65d1abb7-92e9-4cc4-a1d0-84985b484af3/ |
| Plugin Security Certification by CleanTalk |  |
| Logo of the plugin |  |
Timeline
| May 13, 2024 | Plugin testing and vulnerability detection in the Ditty have been completed |
| May 13, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| June 27, 2024 | Registered CVE-2024-5575 |
Discovery of the Vulnerability
The vulnerability within the Ditty plugin was discovered during routine security checks aimed at identifying potential exploits in plugins used widely across the WordPress community. This specific vulnerability allows contributors to embed malicious JavaScript code within posts, leveraging the Tiny MCE block provided by the plugin. The malicious code is executed when viewed by any user, leading to unauthorized actions being performed under the guise of legitimate users.
Understanding of Stored XSS attack’s
XSS is a prevalent security issue where attackers inject malicious scripts into web pages viewed by other users. In WordPress, this often occurs through unsanitized input fields that accept HTML or JavaScript code. Examples in the past have included malicious redirects, stealing cookies, or manipulating web page content. The impact of such vulnerabilities can be significant, ranging from data breaches to complete website compromise.
Exploiting the Stored XSS Vulnerability
To exploit this vulnerability in the Ditty plugin, an attacker would follow these steps:
POC:
Create a new Ditty and add “Tiny MCE” block. Change main text field to <img src=x onerror=alert(1)>
____
When an administrator views the post containing this shortcode, the embedded script executes, potentially leading to further exploitation, such as creating a new admin account or other malicious actions.
Recommendations for Improved Security
Recommendations for Improved Security
To mitigate risks associated with XSS and similar vulnerabilities, website administrators should:
- Update Regularly: Keep all plugins and the WordPress core updated to the latest versions.
- Sanitize Inputs: Ensure that all user inputs are sanitized to prevent malicious data from being saved.
- Use Security Plugins: Implement security plugins that provide firewall, malware scanning, and enhanced authentication features.
- Regular Audits: Conduct regular security audits to identify and fix vulnerabilities.
- Educate Users: Train users with access to the WordPress backend on security best practices and the importance of using strong, unique passwords.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-5575, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
