A critical security flaw, CVE-2024-1219, has been unearthed within Easy Social Feed WordPress plugin, putting websites at risk of compromise. This vulnerability, discovered during routine plugin testing, enables attackers to execute Stored XSS attacks, potentially leading to admin account takeover.
Main info:
| CVE | CVE-2024-1219 |
| Plugin | Easy Social Feed < 6.5.6 |
| Critical | High |
| All Time | 2 990 207 |
| Active installations | 60 000+ |
| Publicly Published | March 25, 2023 |
| Last Updated | March 25, 2023 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1219 https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ |
| Plugin Security Certification by CleanTalk |  |
Timeline
| January 26, 2023 | Plugin testing and vulnerability detection in the Easy Social Feed plugin have been completed |
| January 26, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| March 25, 2024 | Registered CVE-2024-1219 |
Discovery of the Vulnerability
During rigorous plugin testing, security researchers uncovered a vulnerability in Easy Social Feed. This flaw allows attackers to embed malicious code via a shortcode, granting them unauthorized access to the admin account.
Understanding of Stored XSS attack’s
Stored XSS vulnerabilities in WordPress plugins pose a significant threat, allowing attackers to inject malicious scripts into web pages. Such attacks can lead to various consequences, including account takeover, data theft, and website defacement.
Exploiting the Stored XSS Vulnerability
Exploiting CVE-2024-1219 involves crafting a specific shortcode and embedding it in a new post. This malicious shortcode triggers the execution of arbitrary JavaScript code, leading to admin account compromise.
POC:
[efb_likebox fanpage_url=”12312″ asd =”” fb_appid=”12312″;alert(1); asd =”;” box_width=”12312″ asd =”” box_height=”12312″ asd =”” locale=”en_US” responsive=”0″ show_stream=”0″ hide_cover=”0″ small_header=”0″ hide_cta=”0″ ]
___
The exploitation of this vulnerability poses severe risks to affected websites. Attackers can leverage compromised admin accounts to execute further malicious activities, such as spreading malware, stealing sensitive information, or defacing the website.
Recommendation
To mitigate the risk associated with CVE-2024-1219 and similar vulnerabilities, website administrators are advised to promptly update Easy Social Feed to the latest patched version. Additionally, implementing robust security measures, such as web application firewalls (WAFs) and regular security audits, can help detect and prevent such vulnerabilities in the future.
Stay vigilant and proactive in safeguarding your WordPress site against emerging threats like CVE-2024-1219. Your website’s security is paramount, so take action now to prevent potential exploitation.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
