It was recently discovered that the “Simple Side Tab” plugin, designed to help WordPress site owners increase conversion by adding customizable call-to-action tabs, contains a security flaw. The simplicity and convenience of the plugin, combined with its flexibility in customizing tab behavior and appearance, have made it popular among WordPress users. However, this popularity now poses a security threat due to a stored cross-site scripting (XSS) vulnerability, CVE-2024-11183. This flaw can be used to create backdoors that provide attackers with unauthorized access to vulnerable sites.
| CVE | CVE-2024-10551 | 
| Plugin | Simple Side Tab < 2.2.0 | 
| Critical | Low | 
| All Time | 195 981 | 
| Active installations | 10 000+ | 
| Publicly Published | November 19, 2024 | 
| Last Updated | November 19, 2024 | 
| Researcher | Artyom Krugov | 
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) | 
| PoC | Yes | 
| Exploit | No | 
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11183 https://wpscan.com/vulnerability/ff3f2788-d1a1-4a62-a247-39a931308f51/ | 
Timeline
| October 28, 2024 | Plugin testing and vulnerability detection in the Simple Side Tab have been completed | 
| October 28, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing | 
| November 19, 2024 | Registered CVE-2024-11183 | 
Discovery of the Vulnerability
During a routine security audit, researchers identified a stored XSS vulnerability in the “Simple Side Tab” plugin. The issue lies within the “Position from top (px)” parameter (rum_sst_plugin_options[pixels_from_top]) in the plugin’s settings. This parameter allows users to set the vertical position of the tab on the page. However, improper input validation and output encoding make it possible for attackers to inject malicious JavaScript payloads into this field.
Understanding XSS Attacks
The “Simple Side Tab” vulnerability is a textbook example of stored XSS. The “Position from top” setting allows administrators to input custom values, but the lack of sanitization means that malicious payloads can be saved and executed. Once stored, the script executes whenever the affected setting is loaded, posing risks such as session hijacking, credential theft, or even the deployment of backdoors.
Exploiting the XSS Vulnerability
Exploiting this vulnerability requires minimal effort and can be achieved in a few simple steps:
POC:
- Access the WordPress admin dashboard and navigate to the “Simple Side Tab” plugin settings.
- Locate the “Position from top (px)” parameter in the settings.
- Select an icon and modify the “Selected Icons” option.
- Input a malicious payload into the URL field.
- Input a malicious payload, such as:
123123"onmouseover='alert(1)'
- Save the settings.
Once the payload is saved, the XSS is triggered when interacting with the vulnerable field. In the hands of an attacker, this initial exploitation could be leveraged to inject further malicious code, steal session cookies, or plant a backdoor for persistent access.
Recommendations for Improved Security
To reduce the risks associated with CVE-2024-11183, it is important for WordPress administrators to update the Simple Side Tab plugin, since the vulnerability has not been fixed. Administrators should also review user permissions to ensure that non-administrator users (such as editors) do not have access to sensitive settings that could lead to XSS vulnerabilities. The plugin must validate and sanitize all user input, especially in form fields, to prevent the introduction of malicious scripts. In addition, administrators should limit the unfiltered_html capability to trusted users, and use security plugins to scan WordPress plugins and themes for vulnerabilities. Implementing a Content Security Policy (CSP) can also help mitigate the effects of any successful XSS attack by blocking the execution of untrusted scripts. To prevent this type of attack, the vendor used our prevention methods.
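A sketch of the validate-on-save and escape-on-output handling recommended above, applied to the pixels_from_top setting. This is an added example, not the plugin's own code or its actual fix; the example_sst_* function names and the example_sst_group option group are hypothetical, while register_setting, absint, sanitize_text_field and esc_attr are WordPress core functions.

```php
<?php
// Added example, not the plugin's code. Assumptions: the example_sst_* names and
// the 'example_sst_group' option group are hypothetical.

// 1. Validate on save: the field is a pixel offset, so store only an integer.
function example_sst_sanitize_options( $input ) {
    $input = is_array( $input ) ? $input : array();

    // Baseline for the other keys. sanitize_text_field() strips tags but leaves
    // quotes intact, so it does not replace escaping on output.
    $clean = array_map( 'sanitize_text_field', $input );

    // absint() casts to a non-negative integer: the PoC value
    // 123123"onmouseover='alert(1)' is stored as 123123.
    $clean['pixels_from_top'] = isset( $input['pixels_from_top'] )
        ? absint( $input['pixels_from_top'] )
        : 0;

    return $clean;
}

add_action( 'admin_init', function () {
    register_setting( 'example_sst_group', 'rum_sst_plugin_options', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_sst_sanitize_options',
    ) );
} );

// 2. Escape on output: values already in the database may predate the
// sanitizer, so the settings field re-validates and escapes for an attribute.
function example_sst_render_pixels_field() {
    $options = get_option( 'rum_sst_plugin_options', array() );
    $pixels  = isset( $options['pixels_from_top'] )
        ? absint( $options['pixels_from_top'] )
        : 0;

    printf(
        '<input type="number" min="0" name="%s" value="%s" />',
        esc_attr( 'rum_sst_plugin_options[pixels_from_top]' ),
        esc_attr( (string) $pixels )
    );
}
```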
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-11183, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
Artyom k.