A high-severity vulnerability, CVE-2024-1745, has been found in the Testimonial Slider plugin for WordPress. The plugin's settings-update handler does not check the caller's capability, so a low-privileged user can modify plugin configuration that should be reserved for administrators.
Main info:

| Field | Value |
| --- | --- |
| CVE | CVE-2024-1745 |
| Plugin | Testimonial Slider < 2.3.7 |
| Severity | High |
| All-time downloads | 398,557 |
| Active installations | 30,000+ |
| Publicly Published | March 5, 2024 |
| Last Updated | March 5, 2024 |
| Researcher | Dmitrii Ignatyev |
| OWASP TOP-10 | A01: Broken Access Control (missing authorization on settings update) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1745 |
| | https://wpscan.com/vulnerability/b63bbfeb-d6f7-4c33-8824-b86d64d3f598/ |
| Plugin Security Certification by CleanTalk | |
Timeline

| Date | Event |
| --- | --- |
| February 14, 2023 | Plugin testing and vulnerability detection in the Testimonial Slider have been completed |
| February 14, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| March 5, 2024 | Registered CVE-2024-1745 |
Discovery of the Vulnerability
During testing of the Testimonial Slider plugin, the settings-update request was found to be accepted from accounts that are not administrators. Any logged-in user who can obtain the plugin's nonce can change the plugin configuration, even though the settings page itself is only shown to administrators.
Understanding Broken Logic Control attacks
Broken logic control on a settings update is a missing-authorization flaw: the code path that writes the settings does not verify that the caller is allowed to do so. In WordPress, plugin settings pages are normally reachable only by users with the appropriate capability, but the AJAX or form handler behind the page is a separate entry point. If that handler relies on a nonce alone, it checks only that the request carries a token the site issued (a CSRF defence), not who is making the request. A non-administrative user who obtains a valid nonce can therefore call the handler directly and alter the configuration.
Exploiting the Broken Logic Control Vulnerability
To exploit this vulnerability, an attacker first visits a public page where a Testimonial Slider is rendered and reads the plugin nonce that the page exposes. A nonce is a CSRF token, not an authentication or authorization mechanism, and because it is printed into front-end output, any visitor can obtain it. The attacker then sends the settings-update request with that nonce and the session cookies of a low-privileged account; the handler verifies the nonce but not the user's capability, so the new settings are saved.
POC:
1) Go to a page where one of the sliders is already in use and intercept the nonce tss
2) Insert the found nonce and the cookies of a low-privileged account into the request that changes the plugin settings
___
Exploitation lets a low-privileged account overwrite the plugin's configuration. Depending on which settings are exposed, an attacker can break the slider on the site, inject attacker-controlled content into pages where sliders are rendered, or use the altered settings as a foothold for further attacks against the WordPress installation.
Recommendations for Improved Security
To mitigate the risk posed by CVE-2024-1745, website administrators should update the Testimonial Slider plugin to version 2.3.7 or later. Plugin developers should treat nonce validation and authorization as two separate checks: every handler that changes settings must call current_user_can() with the capability the settings page requires (typically manage_options) in addition to verifying the nonce, and nonces should be emitted only on admin screens, not in front-end output that anonymous visitors can read. Regular security audits and monitoring for unusual option changes are also recommended so that abuse can be detected and handled promptly.
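The following is an added illustration of the vulnerable pattern described above beside a hardened version; it is not the Testimonial Slider plugin's own code. The action name tss_save_settings, the option name tss_settings, the nonce action names, the settings keys and the script handle tss-admin are all assumptions chosen for the example.

```php
<?php
// Added example, not Testimonial Slider code. Names below (tss_save_settings,
// tss_settings, nonce actions, settings keys, 'tss-admin') are assumptions.

// --- Vulnerable pattern: the nonce is the only gate. ---
// The nonce is printed into a public page alongside a rendered slider, so any
// visitor can read it. wp_verify_nonce() only proves the request carries a
// token the site issued; it says nothing about the caller's capability.
// (Not registered here; a plugin would hook it with add_action( 'wp_ajax_... ).)
function tss_save_settings_vulnerable() {
    if ( ! wp_verify_nonce( $_POST['nonce'] ?? '', 'tss' ) ) {
        wp_send_json_error( 'bad nonce', 403 );
    }
    // Any logged-in user, subscriber included, reaches this line.
    update_option( 'tss_settings', wp_unslash( $_POST['settings'] ?? array() ) );
    wp_send_json_success();
}

// --- Hardened pattern: authorization, then CSRF check, then validation. ---
add_action( 'wp_ajax_tss_save_settings', 'tss_save_settings_hardened' );
function tss_save_settings_hardened() {
    // 1. Authorization: only users who may manage options proceed.
    //    wp_send_json_error() terminates the request, so no return is needed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 2. CSRF: nonce bound to this specific action; dies with 403 on failure.
    check_ajax_referer( 'tss_save_settings', 'nonce' );

    // 3. Validation: accept only known keys with the expected types/ranges.
    $raw      = wp_unslash( $_POST['settings'] ?? array() );
    $settings = array(
        'autoplay' => ! empty( $raw['autoplay'] ),
        'speed'    => min( 20000, max( 100, absint( $raw['speed'] ?? 5000 ) ) ),
        'title'    => sanitize_text_field( $raw['title'] ?? '' ),
    );
    update_option( 'tss_settings', $settings );
    wp_send_json_success( $settings );
}

// Emit the nonce only on the admin settings screen, never in front-end output.
// Assumes a script with handle 'tss-admin' has been registered for that screen.
add_action( 'admin_enqueue_scripts', function ( $hook ) {
    if ( 'settings_page_tss' !== $hook ) {
        return;
    }
    wp_localize_script( 'tss-admin', 'tssAdmin', array(
        'nonce'   => wp_create_nonce( 'tss_save_settings' ),
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
    ) );
} );
```

The order matters: the capability check comes first so that a leaked nonce never reaches the write, and the nonce is created only where an administrator would use it. Even with both checks in place, the handler still validates each field rather than storing the raw POST array, which limits what a compromised administrator session can inject.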
By following these recommendations, website owners can enhance the security posture of their WordPress sites and protect against the exploitation of Broken Logic Control vulnerabilities like CVE-2024-1745.
#WordPressSecurity #BrokenLogicControl #WebsiteSafety #StayProtected #HighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.