A high-severity vulnerability, identified as CVE-2024-1658, has been found in the “Grid Shortcodes” plugin for WordPress (versions before 1.1.1). It is a Stored XSS flaw in the plugin's shortcode attribute handling: a user with the Contributor role can place JavaScript in a shortcode attribute, and that script runs in the browser of anyone who renders the content, including an administrator previewing the post. With an administrator's session, such a script can perform privileged actions such as creating an additional admin account, which is why the issue is treated as an account-takeover risk rather than a cosmetic one.
Main info:
| Field | Value |
| --- | --- |
| CVE | CVE-2024-1658 |
| Plugin | Grid Shortcodes < 1.1.1 |
| Severity | High |
| All-time downloads | 19,503 |
| Active installations | 2,000+ |
| Publicly published | February 20, 2024 |
| Last updated | February 20, 2024 |
| Researcher | Dmitrii Ignatyev |
| OWASP Top 10 | A7:2017 Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1658 ; https://wpscan.com/vulnerability/9489925e-5a47-4608-90a2-0139c5e1c43c/ |
| Plugin Security Certification by CleanTalk | |
Timeline
| Date | Event |
| --- | --- |
| February 5, 2024 | Plugin testing and vulnerability detection in Grid Shortcodes completed |
| February 5, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| February 20, 2024 | CVE-2024-1658 registered |
Discovery of the Vulnerability
During testing of the “Grid Shortcodes” plugin, a flaw was found in the handling of shortcode attributes: the value of the GDC_column size attribute is written into the generated HTML without escaping. A user with the Contributor role, who is not allowed to post raw HTML, can therefore store a shortcode whose attribute value closes the HTML attribute and adds an event handler. The JavaScript executes in the browser of whoever views the rendered post, so the contributor's input becomes code running under another user's session.
Understanding Stored XSS attacks
Stored XSS (Cross-Site Scripting) is a common web vulnerability in which attacker-supplied script is saved by the application and later served to other users. In WordPress it can enter through many paths, including input fields, forms, and shortcode attributes. It matters for shortcodes in particular because a contributor's post content is filtered through wp_kses when saved, which strips script tags and event handlers, but shortcode attributes are plain text at that point and are only turned into markup when the plugin renders the shortcode. If the plugin interpolates an attribute into HTML without escaping, the kses filter is bypassed entirely. The injected script then runs in the context of the viewing user's session and can perform any action that user is allowed to perform.
Exploiting the Stored XSS Vulnerability
An attacker with Contributor access saves a post or page containing a GDC_column shortcode whose size attribute holds a quote character followed by an event handler. When the content is rendered, the plugin emits the attribute value verbatim, so the quote terminates the real attribute and the event handler becomes part of the element. The script fires in the browser of whoever triggers it: for a pending contributor post that is typically an editor or administrator reviewing it. Because the request carries that user's cookies and nonces, the script can drive wp-admin with administrator rights, for example to create a new user with the administrator role, which turns a low-privilege account into full site takeover.
POC:
[GDC_row] [GDC_column size='" onmouseover="alert(1123123)"'] Your content here [/GDC_column] [GDC_column size="third"] Your content here [/GDC_column] [GDC_column size="third"] Your content here [/GDC_column] [/GDC_row]
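The following PHP is an added illustration written for this page, not code from the Grid Shortcodes plugin (its real handler was not reproduced here). It reconstructs the pattern behind the PoC above: a shortcode handler that concatenates the size attribute straight into a class attribute, the same handler hardened with an allow-list plus esc_attr(), and a small scanner that flags GDC_column attribute values that are not a plain token so existing post content can be checked. The function names, the gdc- class prefix, the allowed size list, and the simplified attribute parser are assumptions for illustration; WordPress itself provides esc_attr(), shortcode_atts() and shortcode_parse_atts(), and the stand-ins below exist only so the file runs outside WordPress.

```php
<?php
// Added example for this advisory, not the plugin's own code. The handler
// bodies, the "gdc-" class prefix and the allowed size list are assumptions.

// Stand-ins so the file runs outside WordPress; WordPress defines the real ones.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('shortcode_atts')) {
    function shortcode_atts($pairs, $atts) {
        $out = [];
        foreach ($pairs as $name => $default) {
            $out[$name] = isset($atts[$name]) ? $atts[$name] : $default;
        }
        return $out;
    }
}

// Simplified attribute parser (assumption; WordPress uses shortcode_parse_atts()).
// Handles name="v", name='v' and bare name=v, which is enough for the PoC:
// size='" onmouseover="alert(1123123)"' yields the value  " onmouseover="alert(1123123)"
function gdc_parse_atts($raw) {
    $atts = [];
    if (preg_match_all('/(\w+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|(\S+))/', $raw, $m, PREG_SET_ORDER)) {
        foreach ($m as $hit) {
            $value = $hit[2];
            if ($value === '') { $value = $hit[3] ?? ''; }
            if ($value === '') { $value = $hit[4] ?? ''; }
            $atts[strtolower($hit[1])] = $value;
        }
    }
    return $atts;
}

// Vulnerable pattern: the user-controlled size attribute is concatenated into
// the class attribute. A value starting with a double quote closes the
// attribute, and whatever follows becomes new attributes on the element.
function gdc_column_vulnerable($atts, $content = '') {
    $a = shortcode_atts(['size' => 'full'], $atts);
    return '<div class="gdc-column gdc-' . $a['size'] . '">' . $content . '</div>';
}

// Hardened pattern: size is a fixed vocabulary, so allow-list it first, and
// still pass it through esc_attr() so a future addition to the list cannot
// reintroduce the bug.
function gdc_column_hardened($atts, $content = '') {
    $a = shortcode_atts(['size' => 'full'], $atts);
    $allowed = ['full', 'half', 'third', 'quarter'];   // assumed vocabulary
    $size = in_array($a['size'], $allowed, true) ? $a['size'] : 'full';
    return '<div class="gdc-column gdc-' . esc_attr($size) . '">' . $content . '</div>';
}

// Scanner for stored content: returns every GDC_column attribute whose value
// is not a plain token. Feed it post_content from wp_posts, including
// revisions and pending contributor drafts, before and after updating.
function gdc_find_suspicious($post_content) {
    $hits = [];
    if (preg_match_all('/\[GDC_column\b([^\]]*)\]/i', $post_content, $tags)) {
        foreach ($tags[1] as $raw) {
            foreach (gdc_parse_atts($raw) as $name => $value) {
                if (!preg_match('/^[A-Za-z0-9_-]*$/', $value)) {
                    $hits[] = $name . '=' . $value;
                }
            }
        }
    }
    return $hits;
}

// Constructed sample: the advisory's PoC column next to a legitimate one.
$post = "[GDC_row] [GDC_column size='\" onmouseover=\"alert(1123123)\"'] Your content here [/GDC_column]"
      . " [GDC_column size=\"third\"] Your content here [/GDC_column] [/GDC_row]";

foreach (gdc_find_suspicious($post) as $hit) {
    echo "suspicious attribute: $hit\n";
}
$poc = gdc_parse_atts("size='\" onmouseover=\"alert(1123123)\"'");
echo "vulnerable: ", gdc_column_vulnerable($poc, 'x'), "\n";
echo "hardened:   ", gdc_column_hardened($poc, 'x'), "\n";
```

Run with `php` on the command line. The vulnerable handler prints a div whose class attribute ends at `gdc-` followed by a live `onmouseover` attribute, which is exactly what a browser executes; the hardened handler falls back to `gdc-full` because the PoC value is not in the allow-list, and even a value that slipped past the list would be entity-encoded by esc_attr(). The scanner reports only the PoC column, since `third` is a plain token.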
Exploitation of CVE-2024-1658 poses severe risks to WordPress websites. Once an administrator's browser executes the stored script, the attacker effectively holds that administrator's session and can create privileged accounts, manipulate site content, read sensitive data, and stage further attacks such as defacement or malware injection. Realistic outcomes include a persistent backdoor installed through the plugin or theme editor, harvested credentials, and actions that appear in logs as the legitimate administrator's own.
Recommendations for Improved Security
To mitigate the risks associated with CVE-2024-1658 and similar vulnerabilities, WordPress website administrators are advised to take the following measures:
- Update Plugins: Update “Grid Shortcodes” to version 1.1.1 or later, and keep all plugins current with the latest security patches. After updating, review existing posts, revisions, and pending drafts for shortcodes with unusual attribute values, since the stored payload does not disappear when the plugin is patched.
- Implement Input Validation: Developers should validate and escape every shortcode attribute before it reaches markup (allow-listing values with a fixed vocabulary and applying the escaping function that matches the output context, such as esc_attr() for HTML attributes), rather than relying on the kses filtering applied to contributor content at save time.
- User Role Management: Limit the capabilities of lower-privileged roles such as Contributor, grant them only on sites that need external authors, and treat previewing a pending post from a low-trust account as a privileged action.
- Regular Security Audits: Conduct regular security audits of WordPress plugins and themes to identify and address potential vulnerabilities proactively.
By adhering to these recommendations and maintaining a proactive approach to security, WordPress website administrators can bolster their defenses against XSS vulnerabilities like CVE-2024-1658 and safeguard their websites from exploitation.
DMITRII I.