During the evaluation of the TJ Shortcodes plugin, a critical vulnerability was identified that permits the execution of Stored Cross-Site Scripting (XSS) attacks. This flaw enables an attacker to inject malicious scripts through a shortcode, posing a risk of account takeover.

Main info:

CVECVE-2023-6530
PluginTJ Shortcodes <= 0.1.3
CriticalHigh
All Time63 309
Active installations2 000+
Publicly PublishedJanuary 3, 2023
Last UpdatedJanuary 3, 2023
ResearcherDmtirii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitYes
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6530
https://wpscan.com/vulnerability/8e63bf7c-7827-4c4d-b0e3-66354b218bee/
Plugin Security Certification by CleanTalk

Timeline

October 17, 2023Plugin testing and vulnerability detection in the TJ Shortcodes have been completed
October 17, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
December 27, 2023The author fixed the vulnerability and released the plugin update
January 3, 2023Registered CVE-2023-6530

Discovery of the Vulnerability

In the process of testing the plugin, a vulnerability was found that allows you to implement Stored XSS on behalf of the contributor by embedding the shortcode in a new post, which entails account takeover

Understanding of XSS attack’s

XSS is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. In WordPress, XSS can manifest in various forms, with stored XSS being one of the most dangerous. Real-world examples include attackers embedding scripts in user-generated content, such as posts or comments, to compromise the accounts of other users.

Exploiting the XSS Vulnerability

The identified vulnerability can be exploited by embedding a malicious shortcode in a new post.

POC:

[junkie-button url=”http://example.com” style=”grey” size=”small” type=”round” target='” onmouseover=”alert(/XSS/)”‘] Button Text[/junkie-button]

___

In this scenario, the onmouseover attribute contains a script that triggers an alert with the message “XSS” when the mouse hovers over the button.

The potential risk associated with this Stored XSS vulnerability is severe. Attackers could craft malicious shortcodes to execute arbitrary scripts, leading to account takeover, data theft, or unauthorized actions on behalf of the affected contributor. In real-world scenarios, this could result in the compromise of user accounts and sensitive information.

Recommendations for Improved Security

  • Input Sanitization: Implement strict input sanitization for shortcodes to prevent the execution of malicious scripts.
  • Content Security Policy (CSP): Employ CSP headers to control which resources can be loaded and executed, mitigating the impact of XSS attacks.
  • Regular Audits: Conduct regular security audits to identify and address vulnerabilities within WordPress plugins.
  • Plugin Update: Ensure the TJ Shortcodes plugin is regularly updated to include the latest security patches.
  • Educate Contributors: Educate contributors and users about the risks associated with arbitrary script execution and the importance of avoiding suspicious shortcodes.

By following these recommendations, WordPress site administrators can significantly reduce the risk of XSS attacks and maintain a more secure environment for both contributors and users.

#WordPressSecurity #XSS #WebsiteSafety #StayProtected #HighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.
CVE-2023-6530 – TJ Shortcodes – Stored XSS via shortcode – POC

Leave a Reply

Your email address will not be published. Required fields are marked *