A critical security flaw, CVE-2024-1219, has been unearthed within the Easy Social Feed WordPress plugin, putting websites at risk of compromise. This vulnerability, discovered during routine plugin testing, enables attackers to execute Stored XSS attacks, potentially leading to admin account takeover.

Main info:

CVE: CVE-2024-1219
Plugin: Easy Social Feed < 6.5.6
Critical: High
All Time: 2 990 207
Active installations: 60 000+
Publicly Published: March 25, 2023
Last Updated: March 25, 2023
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1219
https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/
Plugin Security Certification by CleanTalk

Timeline

January 26, 2023: Plugin testing and vulnerability detection in the Easy Social Feed plugin were completed
January 26, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
March 25, 2024: Registered CVE-2024-1219

Discovery of the Vulnerability

During rigorous plugin testing, security researchers uncovered a vulnerability in Easy Social Feed. This flaw allows attackers to embed malicious code via a shortcode attribute; when the stored script runs in an administrator's browser, it grants them unauthorized access to the admin account.

Understanding Stored XSS attacks

Stored XSS vulnerabilities in WordPress plugins pose a significant threat, allowing attackers to inject malicious scripts into web pages. Such attacks can lead to various consequences, including account takeover, data theft, and website defacement.

Exploiting the Stored XSS Vulnerability

Exploiting CVE-2024-1219 involves crafting a specific shortcode and embedding it in a new post. The attribute values in the shortcode are not escaped before being rendered, so the malicious shortcode triggers the execution of arbitrary JavaScript code when the post is viewed, leading to admin account compromise.

POC:

[efb_likebox fanpage_url="12312" asd ="" fb_appid="12312";alert(1); asd =";" box_width="12312" asd ="" box_height="12312" asd ="" locale="en_US" responsive="0" show_stream="0" hide_cover="0" small_header="0" hide_cta="0" ]


The exploitation of this vulnerability poses severe risks to affected websites. Attackers can leverage compromised admin accounts to execute further malicious activities, such as spreading malware, stealing sensitive information, or defacing the website.

Recommendation

To mitigate the risk associated with CVE-2024-1219 and similar vulnerabilities, website administrators are advised to promptly update Easy Social Feed to the latest patched version. Additionally, implementing robust security measures, such as web application firewalls (WAFs) and regular security audits, can help detect and prevent such vulnerabilities in the future.
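The injection in the PoC works because a shortcode attribute value is concatenated into markup or inline script without escaping. The renderer below is an added example of the hardened pattern, not the Easy Social Feed plugin's own code; the function names, attribute defaults and output format are assumptions, and plain-PHP helpers stand in for the WordPress esc_attr(), esc_url(), absint() and wp_json_encode() functions.

```php
<?php
// Added example (hypothetical renderer, not the plugin's code): shortcode
// attributes are allow-listed, type-coerced and escaped before reaching any
// HTML or JavaScript context, so a value like 12312";alert(1) is inert.

function efb_escape_attr(string $value): string {
    // Stand-in for WordPress esc_attr(): a value can no longer close the
    // attribute it is placed in.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function efb_render_likebox(array $raw_atts): string {
    // Allow-list with defaults (the role shortcode_atts() plays in WordPress);
    // unknown keys such as the PoC's "asd" are dropped.
    $defaults = [
        'fanpage_url' => '',
        'fb_appid'    => '',
        'box_width'   => 340,
        'box_height'  => 500,
        'locale'      => 'en_US',
    ];
    $atts = array_merge($defaults, array_intersect_key($raw_atts, $defaults));

    // Numeric attributes are coerced (absint() in WordPress), so trailing
    // payload text cannot survive.
    $width  = (int) $atts['box_width'];
    $height = (int) $atts['box_height'];
    // Identifiers are restricted to the character class they can legitimately
    // contain; anything else is rejected rather than "cleaned".
    $appid  = preg_match('/^\d{1,20}$/', (string) $atts['fb_appid']) ? $atts['fb_appid'] : '';
    $locale = preg_match('/^[a-z]{2}_[A-Z]{2}$/', (string) $atts['locale']) ? $atts['locale'] : 'en_US';
    // Free-text values are attribute-escaped; in WordPress the URL would also
    // pass through esc_url().
    $url = efb_escape_attr((string) $atts['fanpage_url']);

    // Configuration is handed to the front-end script as JSON in a data-*
    // attribute, never by string-concatenating values into inline JavaScript.
    $config = json_encode(
        ['appId' => $appid, 'locale' => $locale, 'width' => $width, 'height' => $height],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    return '<div class="efb-likebox" data-href="' . $url . '"'
         . ' data-config="' . efb_escape_attr($config) . '"'
         . ' style="width:' . $width . 'px;height:' . $height . 'px"></div>';
}

// Constructed input mirroring the PoC's injection attempt; the output contains
// no executable script.
echo efb_render_likebox([
    'fanpage_url' => 'https://www.facebook.com/example',
    'fb_appid'    => '12312";alert(1); asd ="',
    'box_width'   => '12312" onload="alert(1)',
]), PHP_EOL;
```

The same discipline applies on the JavaScript side: read the value with JSON.parse(el.dataset.config) rather than evaluating any string assembled on the server.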

Stay vigilant and proactive in safeguarding your WordPress site against emerging threats like CVE-2024-1219. Your website’s security is paramount, so take action now to prevent potential exploitation.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability


DMITRII I.
CVE-2024-1219 – Easy Social Feed – Stored XSS to Admin Account Creation (Contributor+) – POC
