During routine security testing of the Starbox plugin, researchers uncovered a critical vulnerability designated as CVE-2024-1273. This vulnerability, classified as Stored XSS, allows attackers to execute malicious scripts on a WordPress site by embedding them within the plugin’s functionality.

Main info:

CVE: CVE-2024-1273
Plugin: Starbox < 3.5.0
Critical: High
All Time: 451 366
Active installations: 40 000+
Publicly Published: February 20, 2023
Last Updated: February 20, 2023
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1273
https://wpscan.com/vulnerability/9784d7c8-e3aa-42af-ace8-5b2b37ebc9cb/

Timeline

January 31, 2023: Plugin testing and vulnerability detection in the Starbox have been completed
January 31, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
February 10, 2023: The author fixed the vulnerability and released the plugin update
February 20, 2023: Registered CVE-2024-1273

Discovery of the Vulnerability

During testing of the plugin, a vulnerability was found that allows a user with the Contributor role to carry out Stored XSS by embedding a malicious script, which leads to account takeover.

Understanding Stored XSS Attacks

Stored XSS, or Stored Cross-Site Scripting, is a type of vulnerability that arises when user input is not properly sanitized before being stored on a website’s server and later displayed to other users. In the case of WordPress, this can occur when plugins or themes fail to adequately filter user-supplied content, allowing attackers to inject harmful scripts into web pages. Real-world examples of Stored XSS attacks include inserting malicious code into comment fields, contact forms, or any other input areas that accept user-generated content.

Exploiting the Stored XSS Vulnerability

To exploit the Stored XSS vulnerability in the Starbox plugin, attackers can embed malicious scripts within specific parameters, such as profile fields or comment sections. By doing so, they can execute arbitrary code within the context of other users’ browsers, potentially leading to account takeover, data theft, or further compromise of the WordPress site.

POC:

  1. http://132" onmouseover='alert(1)' in the account editing page

___

The CVE-2024-1273 vulnerability in Starbox poses a significant risk to WordPress sites, particularly those with user-generated content or community interaction features. Attackers with even low-level roles, such as Contributors, can leverage this vulnerability to inject malicious scripts that compromise the security and integrity of the site. Real-world scenarios may include attackers exploiting the vulnerability to steal sensitive information, deface web pages, distribute malware, or launch phishing attacks.

Recommendations for Improved Security

To mitigate the risk posed by CVE-2024-1273 and similar vulnerabilities, WordPress site owners should promptly update the Starbox plugin to the latest patched version. Additionally, developers should prioritize implementing robust input validation and output sanitization mechanisms to prevent XSS vulnerabilities in their plugins and themes. Regular security audits and penetration testing can help identify and address potential security flaws before they can be exploited by malicious actors.

By following these recommendations, website administrators can strengthen the security of their WordPress websites and reduce the risk of exploitation through Stored XSS vulnerabilities in plugins like Starbox.
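
The validation and output-escaping steps recommended above, shown on the PoC string from this page. This is an added example, not code from Starbox or from the original post; the function names are hypothetical, and plain PHP is used so it runs without WordPress (inside a plugin, esc_url_raw() on save and esc_url() or esc_attr() on output fill the same roles).

```php
<?php
// Added example, not Starbox code. Function names are hypothetical.

// Vulnerable pattern: the stored value is concatenated into a quoted attribute.
function render_link_unsafe(string $url): string
{
    return '<a href="' . $url . '">Website</a>';
}

// Validation on save: keep only absolute http(s) URLs that contain no quotes,
// angle brackets, whitespace or control characters. Allowlisting the scheme
// covers what attribute escaping alone cannot.
function sanitize_profile_url(string $url): string
{
    $url = trim($url);
    if ($url === '' || preg_match('/[\s"\'<>\x00-\x1f]/', $url)) {
        return '';
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host   = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host) || $host === '') {
        return '';
    }
    return in_array(strtolower($scheme), ['http', 'https'], true) ? $url : '';
}

// Escaping on output: applied even to validated data, so a value that reached
// storage by another path still cannot close the attribute.
function render_link_safe(string $url): string
{
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $escaped . '">Website</a>';
}

// Constructed sample input: the PoC string from this page plus a benign URL.
$samples = ["http://132\" onmouseover='alert(1)'", 'https://example.com/about'];

foreach ($samples as $stored) {
    echo 'stored:    ', $stored, PHP_EOL;
    echo 'unsafe:    ', render_link_unsafe($stored), PHP_EOL;
    echo 'escaped:   ', render_link_safe($stored), PHP_EOL;
    $clean = sanitize_profile_url($stored);
    echo 'validated: ', $clean === '' ? '(rejected on save)' : render_link_safe($clean), PHP_EOL, PHP_EOL;
}
```

In the unsafe output the double quote in the stored value ends the href attribute and the rest is parsed as a new attribute; in the escaped output the same characters appear as entities inside a single href value.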


DMITRII I.
CVE-2024-1273 – Starbox – Contributor+ Stored XSS to account takeover – POC
