A high-severity vulnerability, CVE-2024-1849, has been found in the WP Customer Reviews plugin for WordPress (versions before 3.7.1). A user with Contributor or higher privileges can store HTML in a review field that the plugin later writes into a page without proper escaping, which lets the attacker redirect visitors of the affected site to an arbitrary external URL. Site owners and visitors are both exposed: the owner's pages become a launch point, and the visitor lands wherever the attacker chose.
Main info:
CVE | CVE-2024-1849 |
Plugin | WP Customer Reviews < 3.7.1 |
Severity | High |
All-time downloads | 1 172 510 |
Active installations | 30 000+ |
Publicly published | March 25, 2024 |
Last updated | March 25, 2024 |
Researcher | Dmitrii Ignatyev |
OWASP Top 10 | A1: Injection |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1849 |
Reference | https://wpscan.com/vulnerability/e6d9fe28-def6-4f25-9967-a77f91899bfe/ |
Plugin Security Certification by CleanTalk | |
Timeline
February 14, 2023 | Testing of the WP Customer Reviews plugin completed and the vulnerability identified |
February 14, 2023 | Contacted the plugin author with a PoC, a description of the issue and recommendations for a fix |
March 25, 2024 | CVE-2024-1849 registered |
Discovery of the Vulnerability
During testing of the plugin's functionality it was found that a value entered by a post author into a review field is written back into the page without escaping that is safe for the HTML context it lands in. A user with Contributor or higher privileges can therefore store a value that breaks out of that context and adds markup of their own. The PoC below uses this to add an HTTP-EQUIV="refresh" directive, so the browser of anyone viewing the affected page navigates to an attacker-chosen URL. Because Contributor is a low-privilege role that many sites hand out to guest writers, the bar for exploitation is low.
Understanding malicious redirect attacks
Malicious redirects are a common tactic for rerouting unsuspecting visitors to harmful or fraudulent websites. By exploiting an injection flaw in a WordPress plugin, an attacker can store a snippet that triggers an automatic redirection every time the page is rendered, without touching the site's theme or core files, which makes the change easy to miss in a routine review.
Exploiting the Malicious Redirect Vulnerability
The PoC for CVE-2024-1849 shows how little is needed to trigger a redirect. An attacker with a Contributor account enters a crafted string into the "Business Name" field of a review and the redirect fires for whoever views the resulting page.
POC:
1) Create a new post.
2) At the bottom of the edit page, put the following text into the "Business Name" field:
0;http://smth.me/" HTTP-EQUIV="refresh" a="a
The payload is shaped for a double-quoted attribute: 0;http://smth.me/ becomes the value of the attribute the plugin writes the name into, the quote that follows closes that attribute, HTTP-EQUIV="refresh" is appended as a new attribute, and the trailing a="a absorbs the closing quote from the plugin's own markup. A browser that loads the page honours the refresh directive after 0 seconds and navigates to http://smth.me/. Note that the quotes must be plain ASCII double quotes; typographic quotes will not close the attribute.
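The following Python example, added here and not part of the advisory or of the plugin's own code, models the attribute-breakout mechanics described above. It renders a hypothetical meta tag (the plugin's real markup is not shown on this page, so the template is an assumption shaped after the PoC payload) once with the stored value interpolated verbatim and once with attribute-context escaping, then parses both outputs to see whether a refresh directive appeared. The parser doubles as a simple check a site owner could run over rendered pages.

```python
import html
from html.parser import HTMLParser

# Payload from the advisory's PoC. It is shaped for a double-quoted attribute:
# "0;http://smth.me/" becomes the attribute value, the next quote closes the
# attribute, HTTP-EQUIV="refresh" is appended as a new attribute and a="a
# swallows the closing quote of the original markup.
POC_PAYLOAD = '0;http://smth.me/" HTTP-EQUIV="refresh" a="a'

# Hypothetical template (an assumption, not the plugin's real markup): a meta
# tag whose content attribute carries the stored business name.
TEMPLATE = '<meta name="business" content="{name}">'


def render_vulnerable(name):
    """Interpolate the stored value verbatim, as the unpatched behaviour would."""
    return TEMPLATE.format(name=name)


def render_hardened(name):
    """Escape &, <, >, " and ' before interpolation so the value cannot leave
    the attribute. In a WordPress plugin esc_attr() performs the same role."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


class _MetaCollector(HTMLParser):
    """Collect the attributes of every <meta> tag; HTMLParser lower-cases
    tag and attribute names and decodes entities in attribute values."""

    def __init__(self):
        super().__init__()
        self.metas = []

    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            self.metas.append(dict(attrs))


def find_refresh_targets(markup):
    """Return the redirect URL of every <meta http-equiv="refresh"> in markup.
    The content attribute has the form "<seconds>;url=<target>" or
    "<seconds>;<target>"; both spellings are accepted."""
    collector = _MetaCollector()
    collector.feed(markup)
    targets = []
    for attrs in collector.metas:
        if (attrs.get("http-equiv") or "").strip().lower() != "refresh":
            continue
        content = attrs.get("content") or ""
        _, _, rest = content.partition(";")
        rest = rest.strip()
        if rest.lower().startswith("url="):
            rest = rest[4:].strip()
        targets.append(rest)
    return targets


if __name__ == "__main__":
    # Constructed demonstration: the same stored value rendered both ways.
    for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        page = render(POC_PAYLOAD)
        print(label, "->", page)
        print("  refresh targets:", find_refresh_targets(page))
```

In the vulnerable rendering the parser sees a second attribute http-equiv="refresh" and reports http://smth.me/ as the redirect target; in the hardened rendering the whole payload stays inside the content attribute as text and no refresh directive exists. Running find_refresh_targets over the HTML of pages that display reviews is a cheap way to spot this class of injection after the fact, but it is no substitute for escaping output in the correct context.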
___
The impact of this vulnerability reaches both website owners and visitors. A redirect injected this way can send visitors to pages that drop malware, host phishing forms or run fraudulent schemes, and it persists until the stored value is removed. For the site owner that means reputational damage, possible blacklisting by search engines and browsers, financial losses and compromised user data.
Recommendations for Improved Security
To mitigate the risk posed by CVE-2024-1849, website owners should update WP Customer Reviews to version 3.7.1 or later without delay. Beyond that, keep Contributor and other low-privilege accounts to the minimum needed, review recently edited posts and their review fields for unexpected markup if the site ran a vulnerable version, and layer regular security audits and a web application firewall on top so that a similar flaw in another plugin has less room to do damage.
Stay vigilant and proactive in protecting your WordPress site against threats like CVE-2024-1849. Your website's security is paramount, so act now rather than after an exploitation attempt.
DMITRII I.