CVE-2024-2444 poses a significant threat to WordPress sites utilizing Inline Related Posts plugin, with over 100,000 installations. This vulnerability allows malicious actors to execute Stored XSS attacks, potentially leading to the creation of JavaScript backdoors, compromising website integrity. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

Main info:

CVECVE-2024-2444
PluginInline Related Posts < 3.5.0
CriticalHigh
All Time1 279 059
Active installations100 000+
Publicly PublishedMarch 20, 2023
Last UpdatedMarch 20, 2023
ResearcherDmtirii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2444
https://wpscan.com/vulnerability/214e5fd7-8684-418a-b67d-60b1dcf11a48/
Plugin Security Certification by CleanTalk

Timeline

March 11, 2023Plugin testing and vulnerability detection in the Inline Related Posts have been completed
March 11, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
March 20, 2024Registered CVE-2024-2444

Discovery of the Vulnerability

During testing, a flaw was identified within the Inline Related Posts plugin, enabling the injection of malicious scripts via crafted settings. Exploiting this vulnerability grants unauthorized access and facilitates the creation of JavaScript backdoors.

Understanding of Stored XSS attack’s

Stored XSS vulnerabilities allow attackers to inject malicious scripts, which are then stored and executed within the browser of unsuspecting users. In WordPress, this can occur through various entry points such as plugin settings, post content, or user input fields.

Exploiting the Stored XSS Vulnerability

Using the provided POC payload, attackers can manipulate plugin settings to inject malicious scripts. Upon execution, these scripts can compromise user accounts and even create JavaScript backdoors, enabling persistent unauthorized access.

POC:

  1. You should go to settings of the plugin. Change “CSS margin-top” field to (0 em” onmousover=’alert(1)’) -> Save Settings (Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles)

___

The exploitation of CVE-2024-2444 presents severe risks, including account takeover, data theft, and website defacement. Attackers can exploit compromised accounts to distribute malware, defraud users, or launch further attacks on the site and its visitors.

Recommendations for Improved Security

  1. Update Immediately: Ensure the Inline Related Posts plugin is updated to the latest patched version.
  2. Input Sanitization: Implement strict input validation and sanitization to mitigate XSS vulnerabilities.
  3. Regular Security Audits: Conduct routine security audits to detect and address vulnerabilities proactively.
  4. Educate Users: Educate users on best practices for identifying and mitigating security threats to enhance overall security posture.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-2444, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.
CVE-2024-2444 – Inline Related Posts – Stored XSS to JS backdoor creation – POC

Create your CleanTalk account



By signing up, you agree with license. Have an account? Log in.


Leave a Reply

Your email address will not be published. Required fields are marked *