Uncovering CVE-2023-5618: Modern Footnotes Plugin Exposes WordPress to Stored XSS via Shortcodes
Main info:
| CVE | CVE-2023-5618 |
| Plugin | Modern Footnotes |
| Critical | High |
| Vulnerable sites | 76 167 |
| Publicly Published | October 20, 2023 |
| Last Updated | October 20, 2023 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | Will be later |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5618 https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/modern-footnotes/modern-footnotes-1416-authenticated-contributor-stored-cross-site-scripting-via-shortcode |
| Plugin Security Certification by CleanTalk |  |
Timeline
| October 13, 2023 | Plugin testing and vulnerability detection in the Modern Footnotes plugin have been completed |
| October 13, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| October 117, 2023 | The author has released a fix update |
| October 20, 2023 | Registered CVE-2023-5618 |
Discovery of the Vulnerability
In the realm of WordPress, where plugins are integral to extending functionality, a critical vulnerability was recently unearthed. Labeled CVE-2023-5618, this vulnerability is associated with the Modern Footnotes plugin, which, in the hands of an attacker, enables the execution of Stored Cross-Site Scripting (XSS) attacks via embedded shortcodes.
Understanding of Stored XSS attack’s
Stored Cross-Site Scripting (XSS) is a type of web vulnerability that allows an attacker to inject malicious scripts into a website or web application, which are then viewed by other users. In the context of the Modern Footnotes plugin, the vulnerability occurs when an attacker, often posing as a contributor, crafts a shortcode and embeds it within a new post. This seemingly innocuous shortcode contains malicious JavaScript code, which, when triggered by unsuspecting users, can lead to a compromise of their accounts.
Exploiting
The exploit hinges on the trust WordPress places in shortcodes. By design, shortcodes provide a way for users to add dynamic content to their posts with simple tags. However, when they’re used maliciously, the consequences can be dire. An attacker with contributor-level access, who should typically have limited permissions, can now introduce a malicious shortcode that will be executed whenever anyone views the compromised post.
POC shortcode:
[mfn class='” onmouseover=”alert(/XSS/)”‘]
___
The implications of this vulnerability are profound. With just a contributor-level account, an attacker can manipulate a seemingly benign post into a launching pad for a myriad of malicious actions. They can target unsuspecting users, steal sensitive information, or even use their accounts for further exploitation.
A real-world scenario might involve an attacker crafting a deceptive post in a forum or blog that entices users to click. The malicious shortcode executes, granting the attacker access to users’ accounts, potentially compromising their personal data or launching additional attacks within the WordPress ecosystem.
Recommendations for Improved Security
To mitigate the risks associated with this vulnerability and enhance overall security, the following steps are recommended:
- Update or Remove the Vulnerable Plugin: WordPress administrators should immediately update the Modern Footnotes plugin to a patched version or, if a fix is not available, consider removing the plugin from their WordPress installation.
- Regular Security Audits: Regularly review and audit plugins for security vulnerabilities. WordPress websites should adhere to robust security practices.
- Least Privilege Principle: Limit contributor access to only those functions necessary for their role. Avoid unnecessary privileges.
- Content Validation: Implement strong content validation mechanisms to prevent malicious code injection through shortcodes or other content.
- User Awareness: Educate users about the risks of interacting with untrusted content.
CVE-2023-5618 serves as a stark reminder of the need for constant vigilance in the realm of web security. Identifying, mitigating, and preventing vulnerabilities is crucial in ensuring the safety of WordPress websites in an ever-evolving digital landscape.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
