A critical vulnerability, CVE-2024-1745, has emerged in the Testimonial Slider plugin for WordPress, compromising the integrity of website settings. This flaw grants non-privileged users unauthorized access to manipulate plugin configurations, posing significant security risks.

Main info:

CVE: CVE-2024-1745
Plugin: Testimonial Slider < 2.3.7
Critical: High
All Time: 398 557
Active installations: 30 000+
Publicly Published: March 5, 2023
Last Updated: March 5, 2023
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1745
https://wpscan.com/vulnerability/b63bbfeb-d6f7-4c33-8824-b86d64d3f598/
Plugin Security Certification by CleanTalk

Timeline

February 14, 2023: Plugin testing and vulnerability detection in the Testimonial Slider have been completed
February 14, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
March 5, 2024: Registered CVE-2024-1745

Discovery of the Vulnerability

During rigorous testing of the Testimonial Slider plugin, security researchers uncovered a vulnerability enabling unauthorized users to tamper with plugin settings. By exploiting this flaw, attackers can manipulate critical configurations without proper authentication.

Understanding Broken Logic Control attacks

Broken logic control to settings update refers to a vulnerability where inadequate authorization checks allow unauthorized users to modify plugin settings. In WordPress, plugins often contain settings pages accessible to administrators only. However, flaws in logic or inadequate validation can enable non-administrative users to bypass these restrictions and alter configurations.

Exploiting the Broken Logic Control Vulnerability

To exploit this vulnerability, an attacker first identifies a public page on which the Testimonial Slider plugin is in use and intercepts the nonce token that the plugin relies on as its only check. The attacker then crafts a request to the settings-update handler, inserting the intercepted nonce token and cookies; because no capability check is performed, the request is accepted and the plugin settings are altered.

POC:

1) Go to a page where one of the sliders is already in use and intercept the tss nonce

2) Insert the found nonce and cookies into the request to change the plugin settings

___

The exploitation of this vulnerability can lead to severe consequences, including unauthorized modifications to plugin configurations. Attackers can potentially disrupt website functionality, inject malicious content, or even escalate privileges. Moreover, compromised plugin settings may facilitate further attacks, compromising the entire WordPress installation.

Recommendations for Improved Security

To mitigate the risk posed by CVE-2024-1745 and similar vulnerabilities, website administrators are advised to promptly update the Testimonial Slider plugin to the latest patched version. Additionally, implementing robust access controls, such as proper authorization checks and nonce validation, can help prevent unauthorized access to plugin settings. Regular security audits and monitoring for unusual activities are also recommended to detect and respond to potential threats promptly.
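The recommendation above, shown as an added example that is not the plugin's own code: a settings handler that only verifies a nonce (which, as the advisory notes, is printed on the public slider page) beside a hardened handler that checks the user's capability first, then the nonce, then the input. The hook names, option key, setting names and the admin page slug are assumptions.

```php
<?php
// Added example, not the Testimonial Slider plugin's code. Handler names,
// the 'tss_settings' option key and the 'settings_page_tss' hook are assumed.

// Weak pattern: the nonce is emitted on the public page that renders the
// slider, so any visitor can read it. Verifying only the nonce says nothing
// about who is sending the request, and the nopriv hook lets even logged-out
// requests reach the handler.
add_action( 'wp_ajax_tss_save_settings_weak', 'tss_save_settings_weak' );
add_action( 'wp_ajax_nopriv_tss_save_settings_weak', 'tss_save_settings_weak' );
function tss_save_settings_weak() {
    if ( ! wp_verify_nonce( $_POST['nonce'] ?? '', 'tss_nonce' ) ) {
        wp_send_json_error( 'bad nonce', 403 );
    }
    // No capability check: a subscriber or anonymous visitor reaches this line.
    update_option( 'tss_settings', wp_unslash( $_POST['settings'] ?? array() ) );
    wp_send_json_success();
}

// Hardened pattern: authorization (capability) first, then CSRF (nonce),
// then input validation. No nopriv hook, so logged-out requests are
// rejected by WordPress before the handler runs.
add_action( 'wp_ajax_tss_save_settings', 'tss_save_settings' );
function tss_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    check_ajax_referer( 'tss_settings_nonce', 'nonce' ); // dies with 403 on failure

    $allowed = array( 'slides_to_show', 'autoplay' ); // assumed setting names
    $clean   = array();
    foreach ( (array) ( $_POST['settings'] ?? array() ) as $key => $value ) {
        if ( in_array( $key, $allowed, true ) ) {
            $clean[ $key ] = sanitize_text_field( wp_unslash( $value ) );
        }
    }
    update_option( 'tss_settings', $clean );
    wp_send_json_success( $clean );
}

// The settings nonce is only emitted on the admin settings page, never on the
// public front end where the slider itself is rendered.
add_action( 'admin_enqueue_scripts', function ( $hook ) {
    if ( 'settings_page_tss' !== $hook ) {
        return;
    }
    wp_localize_script( 'tss-admin', 'tssAdmin', array(
        'nonce' => wp_create_nonce( 'tss_settings_nonce' ),
    ) );
} );
```

A nonce proves that the request originated from a page the server generated, not that the sender is allowed to change settings; the capability check is what enforces the latter.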

By following these recommendations, website owners can enhance the security posture of their WordPress sites and protect against the exploitation of Broken Logic Control vulnerabilities like CVE-2024-1745.

#WordPressSecurity #BrokenLogicControl #WebsiteSafety #StayProtected #HighVulnerability

DMITRII I.
