CVE-2024-0559 – Enhanced Text Widget – Stored XSS – POC

During testing of the Enhanced Text Widget plugin for WordPress, a security vulnerability was identified that allows for Stored Cross-Site Scripting (XSS) attacks. The vulnerability arises from the plugin’s failure to properly validate and escape certain widget options before outputting them back in attributes. As a result, high privilege users such as administrators or editors can exploit this flaw to execute malicious scripts, potentially leading to account takeover (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

Main info:

CVE	CVE-2024-0559
Plugin	Enhanced Text Widget < 1.6.6
Critical	High
All Time	772 593
Active installations	50 000+
Publicly Published	February 20, 2023
Last Updated	February 20, 2023
Researcher	Dmtirii Ignatyev
OWASP TOP-10	A7: Cross-Site Scripting (XSS)
PoC	Yes
Exploit	No
Reference	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0559 https://wpscan.com/vulnerability/b257daf2-9540-4a0f-a560-54b47d2b913f/
Plugin Security Certification by CleanTalk

Timeline

Discovery of the Vulnerability

In the process of testing the plugin, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover.

Understanding of Stored XSS attack’s

Stored XSS vulnerabilities occur when user-supplied input is not properly sanitized before being stored and displayed back to other users. In WordPress, this can occur when plugins or themes fail to sanitize input fields or widget options, allowing attackers to inject malicious scripts that are executed within the context of other users’ browsers. Real examples of Stored XSS in WordPress include injecting scripts into comment sections, form fields, or widget content, which can then be executed when other users view the affected pages.

Exploiting the Stored XSS Vulnerability

POC:

1. When creating a new widget, insert the following payload in the “CSS” field – ” onmouseover=”alert(/XSS/)”

___

The CVE-2024-0559 vulnerability in the Enhanced Text Widget plugin poses a significant risk to WordPress websites and their users. In a real-world scenario, an attacker could exploit this vulnerability to execute arbitrary JavaScript code within the context of other users’ sessions. This could lead to account takeover, theft of sensitive information, or the dissemination of malware.

Recommendations for Improved Security

To mitigate the risk associated with CVE-2024-0559 and similar vulnerabilities related to Stored XSS, the following recommendations are provided:

• Update the Enhanced Text Widget plugin to the latest patched version provided by the plugin developer, which should include proper input validation and output escaping mechanisms.
• Implement strict input validation and output escaping in all WordPress plugins and themes to prevent XSS attacks.
• Educate developers about secure coding practices, including the importance of sanitizing user input and properly escaping output.
• Regularly audit and review code for vulnerabilities, including XSS vulnerabilities, as part of the development process.
• Consider using security plugins or web application firewalls (WAFs) to monitor and block XSS attacks and other malicious activity.
• Stay informed about emerging security threats and best practices in WordPress security by participating in security communities and following reputable security resources.

By following these recommendations, website administrators can strengthen the security of their WordPress websites and reduce the risk of exploitation through Stored XSS vulnerabilities in plugins like Enhanced Text Widget.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.