The recent discovery of CVE-2024-1660 in the Top Bar plugin reveals a Stored XSS vulnerability in a widely used WordPress plugin. The flaw lets a malicious actor with editor-level access store a script payload in the plugin settings, which can then act as a JavaScript backdoor and compromise website integrity: an attacker who has previously hijacked an administrator or editor account can plant such a backdoor to regain access later. The issue poses a significant risk to website security and warrants immediate attention from site administrators.
Main info:

| Field | Value |
|---|---|
| CVE | CVE-2024-1660 |
| Plugin | Top Bar < 3.0.5 |
| Criticality | High |
| All-time downloads | 261 904 |
| Active installations | 20 000+ |
| Publicly Published | March 25, 2023 |
| Last Updated | March 25, 2023 |
| Researcher | Dmitrii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1660 , https://wpscan.com/vulnerability/5bd16f84-22bf-4170-b65c-08caf67d0005/ |
| Plugin Security Certification by CleanTalk | |
Timeline

| Date | Event |
|---|---|
| February 11, 2023 | Plugin testing and vulnerability detection in the Top Bar plugin have been completed |
| February 11, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| March 25, 2024 | Registered CVE-2024-1660 |
Discovery of the Vulnerability
During routine testing of the Top Bar plugin, security researchers identified a flaw that enables attackers to execute malicious scripts via Stored XSS, leading to potential account takeover through backdoor creation.
Understanding Stored XSS attacks
Stored XSS exploits allow attackers to inject malicious scripts into a website’s content, such as posts or comments. When unsuspecting users interact with the compromised content, the injected scripts execute within their browsers, enabling attackers to steal sensitive information or hijack user accounts.
Exploiting the Stored XSS Vulnerability
In the case of CVE-2024-1660, an attacker with editor-level access can embed a malicious script in the Top Bar plugin settings. Once the settings are saved, the injected payload is stored and remains dormant until an unsuspecting user interacts with the compromised element, at which point it executes in that user's browser.
PoC:
- Click on "Top Bar Menu" and submit the first request. Change the tpbr_color parameter to: " onmouseover='alert(1)'
___
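The payload above works because a stored value is placed inside an HTML attribute without validation or escaping, so a leading double quote closes the attribute and the rest is parsed as a new event-handler attribute. The following is an added example, not the Top Bar plugin's own code: it shows that injection-prone pattern next to a hardened version that validates the colour on input and escapes it for the attribute context on output. Only the `tpbr_color` parameter name comes from the PoC; the option name, function names and settings group are assumptions.

```php
<?php
// Added example (not the Top Bar plugin's code). Option/function names are hypothetical;
// tpbr_color is the request parameter named in the PoC.

// --- Injection-prone pattern: value stored as received, echoed unescaped into an attribute.
function tb_demo_save_color_unsafe() {
    // No validation or capability check: a value shaped like  " onmouseover='...'  is stored verbatim.
    update_option( 'tb_demo_color', wp_unslash( $_POST['tpbr_color'] ) );
}
function tb_demo_render_unsafe() {
    $color = get_option( 'tb_demo_color', '#ffffff' );
    // A stored quote terminates the style attribute; the remainder becomes a new attribute.
    echo '<div class="top-bar" style="background:' . $color . '">';
}

// --- Hardened pattern: allow-list on input, escape for the output context, limit who may write.
function tb_demo_sanitize_color( $value ) {
    // Accept only #rgb or #rrggbb. (WordPress core also ships sanitize_hex_color() for this.)
    if ( is_string( $value ) && preg_match( '/^#([A-Fa-f0-9]{3}){1,2}$/', $value ) ) {
        return $value;
    }
    return '#ffffff'; // fall back to a safe default instead of storing the rejected value
}
function tb_demo_register_setting() {
    // sanitize_callback runs on every save through the Settings API, so the raw value never lands in the DB.
    register_setting( 'tb_demo_group', 'tb_demo_color', array(
        'type'              => 'string',
        'sanitize_callback' => 'tb_demo_sanitize_color',
        'default'           => '#ffffff',
    ) );
}
add_action( 'admin_init', 'tb_demo_register_setting' );

function tb_demo_save_color_safe() {
    // Restrict the write to administrators and require a nonce, then reuse the same sanitizer.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    check_admin_referer( 'tb_demo_save_color' );
    update_option( 'tb_demo_color', tb_demo_sanitize_color( wp_unslash( $_POST['tpbr_color'] ) ) );
}
function tb_demo_render_safe() {
    $color = get_option( 'tb_demo_color', '#ffffff' );
    // Escape for attribute context even after validation (defence in depth).
    echo '<div class="top-bar" style="background:' . esc_attr( $color ) . '">';
}
```

With the hardened version, the PoC value is rejected by the allow-list and, even if a bad value reached the database by another path, esc_attr() would neutralise the quote on output.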
The vulnerability exposes websites to various risks, including unauthorized access to sensitive data, account takeover, and the deployment of additional malware. Attackers could exploit this flaw to compromise user accounts, deface websites, or steal valuable information.
Recommendations for Improved Security
Website administrators are strongly advised to update the Top Bar plugin to the latest version immediately. Additionally, implementing measures to restrict the execution of JavaScript in user-generated content and regularly monitoring for suspicious activity can help mitigate the risk of XSS attacks.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-1660, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability
DMITRII I.