During testing of the Shariff Wrapper plugin, a critical vulnerability was identified that allows for the implementation of Stored Cross-Site Scripting (XSS) attacks. This vulnerability enables attackers to execute malicious scripts on behalf of contributors, potentially leading to account takeover and compromise of the WordPress admin account.

Main info:

PluginShariff Wrapper < 4.6.10
All Time848 185
Active installations50 000+
Publicly PublishedFebruary 5, 2023
Last UpdatedFebruary 5, 2023
ResearcherDmtirii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1106
Plugin Security Certification by CleanTalk


January 30, 2023Plugin testing and vulnerability detection in the Shariff Wrapper have been completed
January 30, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
February 2, 2023The author fixed the vulnerability and released the plugin update
February 5, 2023Registered CVE-2024-1106

Discovery of the Vulnerability

In the process of testing the plugin, a vulnerability was found that allows you to implement Stored XSS on behalf of the contributor by embedding malicious script, which entails account takeover.

Understanding of Stored XSS attack’s

Stored XSS, also known as persistent XSS, occurs when an attacker injects malicious scripts into a web application, which are then stored on the server and executed when accessed by other users. In WordPress, this vulnerability can arise when user input is not properly sanitized or validated before being stored in the database.

For example, an attacker can exploit the Stored XSS vulnerability in the Shariff Wrapper plugin by embedding malicious scripts into the “Custom CSS attributes” field, along with the color attribute. When the script-containing CSS is rendered on the website, the malicious code executes, potentially allowing the attacker to perform actions on behalf of authenticated users.

Exploiting the Stored XSS Vulnerability


1)You should put payload to “Custom CSS attributes” and color – 132″ onmouseover=’alert(1)’


The potential risks associated with this vulnerability are severe:

  • Account takeover: Attackers can exploit the Stored XSS vulnerability to hijack user accounts, including admin accounts, and perform unauthorized actions.
  • Data theft: Malicious scripts can steal sensitive information, such as user credentials, session tokens, or personal data, from unsuspecting users.
  • Website defacement: Attackers can deface the website by injecting malicious content or redirecting users to malicious websites.
  • Malware distribution: Attackers can use the compromised website to distribute malware or launch further attacks against visitors.

Recommendations for Improved Security

To mitigate the risks posed by this vulnerability and enhance the security of the Shariff Wrapper plugin, the following recommendations are proposed:

  • Implement input validation and output sanitization to prevent the execution of malicious scripts.
  • Regularly update the Shariff Wrapper plugin to the latest version to ensure that known vulnerabilities are patched promptly.
  • Educate website administrators about the risks of XSS vulnerabilities and the importance of secure coding practices.
  • Monitor user input and website activity for signs of suspicious behavior, such as unexpected script execution or unauthorized access attempts.
  • Utilize security plugins and tools to scan for and mitigate XSS vulnerabilities automatically.
  • Consider implementing content security policies (CSP) to mitigate the impact of XSS attacks by controlling which resources can be loaded on a web page.

By following these recommendations, website administrators can strengthen the security of their WordPress websites and reduce the risk of exploitation through Stored XSS vulnerabilities in plugins like Shariff Wrapper.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability

Use CleanTalk solutions to improve the security of your website


Create your CleanTalk account

By signing up, you agree with license. Have an account? Log in.
CVE-2024-1106 – Shariff Wrapper – Stored XSS to Admin Account Creation – POC

Leave a Reply

Your email address will not be published. Required fields are marked *