During testing of the Shariff Wrapper plugin, a critical Stored Cross-Site Scripting (XSS) vulnerability was identified. It lets a user with the contributor role embed malicious scripts, potentially leading to account takeover and compromise of the WordPress admin account.
Main info:
CVE | CVE-2024-1106 |
Plugin | Shariff Wrapper < 4.6.10 |
Criticality | High |
All Time | 848 185 |
Active installations | 50 000+ |
Publicly Published | February 5, 2023 |
Last Updated | February 5, 2023 |
Researcher | Dmitrii Ignatyev |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1106 https://wpscan.com/vulnerability/0672f8af-33e2-459c-ac8a-7351247a8a26/ |
Timeline
January 30, 2023 | Plugin testing and vulnerability detection in the Shariff Wrapper have been completed |
January 30, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
February 2, 2023 | The author fixed the vulnerability and released the plugin update |
February 5, 2023 | Registered CVE-2024-1106 |
Discovery of the Vulnerability
While testing the plugin, a vulnerability was found that allows a user with the contributor role to carry out Stored XSS by embedding a malicious script, which can lead to account takeover.
Understanding Stored XSS Attacks
Stored XSS, also known as persistent XSS, occurs when an attacker injects malicious scripts into a web application, which are then stored on the server and executed when accessed by other users. In WordPress, this vulnerability can arise when user input is not properly sanitized or validated before being stored in the database.
For example, an attacker can exploit the Stored XSS vulnerability in the Shariff Wrapper plugin by embedding malicious scripts into the “Custom CSS attributes” field, along with the color attribute. When the script-containing CSS is rendered on the website, the malicious code executes, potentially allowing the attacker to perform actions on behalf of authenticated users.
Exploiting the Stored XSS Vulnerability
POC:
1) Put the payload into “Custom CSS attributes” and color: 132" onmouseover='alert(1)'
___
The potential risks associated with this vulnerability are severe:
- Account takeover: Attackers can exploit the Stored XSS vulnerability to hijack user accounts, including admin accounts, and perform unauthorized actions.
- Data theft: Malicious scripts can steal sensitive information, such as user credentials, session tokens, or personal data, from unsuspecting users.
- Website defacement: Attackers can deface the website by injecting malicious content or redirecting users to malicious websites.
- Malware distribution: Attackers can use the compromised website to distribute malware or launch further attacks against visitors.
Recommendations for Improved Security
To mitigate the risks posed by this vulnerability and enhance the security of the Shariff Wrapper plugin, the following recommendations are proposed:
- Implement input validation and output sanitization to prevent the execution of malicious scripts.
- Regularly update the Shariff Wrapper plugin to the latest version to ensure that known vulnerabilities are patched promptly.
- Educate website administrators about the risks of XSS vulnerabilities and the importance of secure coding practices.
- Monitor user input and website activity for signs of suspicious behavior, such as unexpected script execution or unauthorized access attempts.
- Utilize security plugins and tools to scan for and mitigate XSS vulnerabilities automatically.
- Consider implementing content security policies (CSP) to mitigate the impact of XSS attacks by controlling which resources can be loaded on a web page.
By following these recommendations, website administrators can strengthen the security of their WordPress websites and reduce the risk of exploitation through Stored XSS vulnerabilities in plugins like Shariff Wrapper.
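The first recommendation, applied to the PoC value from this page, as an added example that is not the plugin's own code: a hypothetical renderer places the color and custom CSS in a style attribute, first unescaped and then with validation and attribute escaping. The function names and markup are assumptions, and plain PHP functions stand in for WordPress's sanitize_hex_color() and esc_attr().

```php
<?php
// Added example, not the Shariff Wrapper source. The render_button_* functions
// and the markup are hypothetical; they model stored values placed in an attribute.

// Vulnerable: stored values are concatenated into a double-quoted attribute.
function render_button_vulnerable(string $color, string $css): string
{
    return '<span style="background-color:' . $color . ';' . $css . '">Share</span>';
}

// Input validation: accept only #rgb or #rrggbb, otherwise use a default.
// (WordPress provides sanitize_hex_color() for this purpose.)
function validate_hex_color(string $color, string $default = '#999999'): string
{
    $ok = preg_match('/\A#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})\z/', $color) === 1;
    return $ok ? $color : $default;
}

// Output escaping for an HTML attribute context: quotes, &, < and > are
// entity-encoded. (WordPress equivalent: esc_attr().)
function escape_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: validate where the format is known, escape everything on output.
function render_button_hardened(string $color, string $css): string
{
    $style = 'background-color:' . validate_hex_color($color) . ';' . $css;
    return '<span style="' . escape_attr($style) . '">Share</span>';
}

// The value from the PoC on this page, as it would be stored.
$poc = '132" onmouseover=\'alert(1)\'';

// Unescaped: the double quote ends the style attribute early, so the rest
// of the value is parsed as a separate onmouseover attribute.
echo render_button_vulnerable($poc, $poc), PHP_EOL;

// Hardened: the color is rejected and replaced by the default, and the
// quotes in the CSS value are encoded, so the whole value stays inside style.
echo render_button_hardened($poc, $poc), PHP_EOL;
```

Escaping closes the attribute breakout only; the custom CSS itself is still free-form, so restricting it to an allowlist of properties is a separate control.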
DMITRII I.