During the evaluation of the TJ Shortcodes plugin, a critical vulnerability was identified that permits the execution of Stored Cross-Site Scripting (XSS) attacks. This flaw enables an attacker to inject malicious scripts through a shortcode, posing a risk of account takeover.
Main info:
| CVE | CVE-2023-6530 |
| Plugin | TJ Shortcodes <= 0.1.3 |
| Critical | High |
| All Time | 63 309 |
| Active installations | 2 000+ |
| Publicly Published | January 3, 2023 |
| Last Updated | January 3, 2023 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | Yes |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6530 https://wpscan.com/vulnerability/8e63bf7c-7827-4c4d-b0e3-66354b218bee/ |
| Plugin Security Certification by CleanTalk |  |
Timeline
| October 17, 2023 | Plugin testing and vulnerability detection in the TJ Shortcodes have been completed |
| October 17, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| December 27, 2023 | The author fixed the vulnerability and released the plugin update |
| January 3, 2023 | Registered CVE-2023-6530 |
Discovery of the Vulnerability
In the process of testing the plugin, a vulnerability was found that allows you to implement Stored XSS on behalf of the contributor by embedding the shortcode in a new post, which entails account takeover
Understanding of XSS attack’s
XSS is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. In WordPress, XSS can manifest in various forms, with stored XSS being one of the most dangerous. Real-world examples include attackers embedding scripts in user-generated content, such as posts or comments, to compromise the accounts of other users.
Exploiting the XSS Vulnerability
The identified vulnerability can be exploited by embedding a malicious shortcode in a new post.
POC:
[junkie-button url=”http://example.com” style=”grey” size=”small” type=”round” target='” onmouseover=”alert(/XSS/)”‘] Button Text[/junkie-button]
___
In this scenario, the onmouseover attribute contains a script that triggers an alert with the message “XSS” when the mouse hovers over the button.
The potential risk associated with this Stored XSS vulnerability is severe. Attackers could craft malicious shortcodes to execute arbitrary scripts, leading to account takeover, data theft, or unauthorized actions on behalf of the affected contributor. In real-world scenarios, this could result in the compromise of user accounts and sensitive information.
Recommendations for Improved Security
- Input Sanitization: Implement strict input sanitization for shortcodes to prevent the execution of malicious scripts.
- Content Security Policy (CSP): Employ CSP headers to control which resources can be loaded and executed, mitigating the impact of XSS attacks.
- Regular Audits: Conduct regular security audits to identify and address vulnerabilities within WordPress plugins.
- Plugin Update: Ensure the TJ Shortcodes plugin is regularly updated to include the latest security patches.
- Educate Contributors: Educate contributors and users about the risks associated with arbitrary script execution and the importance of avoiding suspicious shortcodes.
By following these recommendations, WordPress site administrators can significantly reduce the risk of XSS attacks and maintain a more secure environment for both contributors and users.
#WordPressSecurity #XSS #WebsiteSafety #StayProtected #HighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
