During a security assessment of the Neon Text WordPress plugin, a critical vulnerability was identified in versions up to 1.1. This plugin, which is designed for adding neon text effects to posts, allowed for a Stored Cross-Site Scripting (XSS) attack via the use of shortcodes. This vulnerability was discovered through rigorous testing and analysis.
Main info:
| CVE | CVE-2023-5817 |
| Plugin | Neon Text |
| Critical | High |
| Vulnerable sites | 3 346 |
| Publicly Published | October 28, 2023 |
| Last Updated | October 28, 2023 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | Will be later |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5817 https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/neon-text/neon-text-11-authenticated-contributor-stored-cross-site-scripting |
| Plugin Security Certification by CleanTalk |  |
Timeline
| October 20, 2023 | Plugin testing and vulnerability detection in the Neon Text plugin have been completed |
| October 20, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| October 26, 2023 | The author has released a fix update |
| October 28, 2023 | Registered CVE-2023-5817 |
Discovery of the Vulnerability
The Neon Text WordPress plugin, versions up to 1.1, contains a critical security vulnerability that enables attackers to conduct a Stored Cross-Site Scripting (XSS) attack. This type of vulnerability arises when the web application does not properly validate and sanitize user-generated input, which, in this case, involves shortcodes. The vulnerability allows contributors and users with higher privileges to embed malicious scripts within new posts using these shortcodes.
Understanding of Stored XSS attack’s
Stored Cross-Site Scripting (XSS) is a type of web vulnerability where an attacker injects malicious scripts into a web application. These scripts are then stored on the target server and executed when other users access the infected content. In the case of the Neon Text plugin, the vulnerability allowed contributors or higher-privileged users to insert malicious scripts into new posts using shortcodes.
Exploiting
To exploit this Stored XSS vulnerability, an attacker with contributor-level access or higher could craft a post with the malicious shortcode. After posting, when other users, including administrators, view the post, the injected script executes in their browsers. This script can potentially steal user data, session cookies, or perform actions on behalf of the user without their consent.
POC shortcode:
[neontext_box][neontext color='” onmouseover=”alert(/XSS/)”‘ reblinkProbability=”0.1″ blinkmin=”0.1″ blinkmax=”0.4″ loopmin=”0.4″ loopmax=”0.2″ glow=”123″ blink=”3″ off=”4″]123[/neontext][/neontext_box]
___
The potential risks associated with this vulnerability are significant. An attacker could use it to steal sensitive user information, impersonate users, deface websites, or distribute malware to website visitors. In real-world scenarios, this vulnerability could be exploited to compromise user accounts, damage the website’s reputation, or even lead to legal consequences if private user data is exposed.
Recommendations for Improved Security
To mitigate this vulnerability and improve security, the following actions should be taken:
- Update the Plugin: Website administrators should immediately update the Neon Text plugin to the latest secure version. Developers often release patched versions to fix security issues.
- Input Validation: Implement strict input validation on user-generated content, especially when allowing shortcodes or HTML input. Ensure that potentially harmful content is sanitized or properly encoded.
- Least Privilege Principle: Assign user roles and permissions with the least privilege necessary. Contributors should not have the ability to use potentially dangerous shortcodes.
- Regular Security Audits: Regularly perform security audits and testing on WordPress plugins and themes to identify and remediate vulnerabilities.
- Security Awareness: Educate content creators and administrators about security best practices and the risks of malicious code injection.
Addressing this vulnerability is crucial to maintaining the security and integrity of WordPress websites using the Neon Text plugin. Website administrators should act promptly to protect their users and data.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
