CVE-2024-2444 poses a significant threat to WordPress sites that use the Inline Related Posts plugin, which has over 100,000 installations. The vulnerability allows malicious actors to execute Stored XSS attacks, potentially leading to the creation of JavaScript backdoors that compromise website integrity: an attacker who has previously hijacked an administrator or editor account can plant a backdoor to regain access.
Main info:
CVE | CVE-2024-2444 |
Plugin | Inline Related Posts < 3.5.0 |
Criticality | High |
All Time | 1 279 059 |
Active installations | 100 000+ |
Publicly Published | March 20, 2023 |
Last Updated | March 20, 2023 |
Researcher | Dmitrii Ignatyev |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2444 https://wpscan.com/vulnerability/214e5fd7-8684-418a-b67d-60b1dcf11a48/ |
Timeline
March 11, 2023 | Plugin testing and vulnerability detection in Inline Related Posts were completed |
March 11, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
March 20, 2024 | Registered CVE-2024-2444 |
Discovery of the Vulnerability
During testing, a flaw was identified within the Inline Related Posts plugin, enabling the injection of malicious scripts via crafted settings. Exploiting this vulnerability grants unauthorized access and facilitates the creation of JavaScript backdoors.
Understanding Stored XSS Attacks
Stored XSS vulnerabilities allow attackers to inject malicious scripts, which are then stored and executed within the browser of unsuspecting users. In WordPress, this can occur through various entry points such as plugin settings, post content, or user input fields.
Exploiting the Stored XSS Vulnerability
Using the provided POC payload, attackers can manipulate plugin settings to inject malicious scripts. Upon execution, these scripts can compromise user accounts and even create JavaScript backdoors, enabling persistent unauthorized access.
POC:
- Go to the plugin's settings, change the “CSS margin-top” field to (0 em” onmousover=’alert(1)’) and save the settings. (Admins and editors are allowed to use JS in posts/pages/comments/etc., so the unfiltered_html capability should be disallowed when testing for Stored XSS with such roles.)
___
The exploitation of CVE-2024-2444 presents severe risks, including account takeover, data theft, and website defacement. Attackers can exploit compromised accounts to distribute malware, defraud users, or launch further attacks on the site and its visitors.
Recommendations for Improved Security
- Update Immediately: Ensure the Inline Related Posts plugin is updated to the latest patched version.
- Input Sanitization: Implement strict input validation and sanitization to mitigate XSS vulnerabilities.
- Regular Security Audits: Conduct routine security audits to detect and address vulnerabilities proactively.
- Educate Users: Educate users on best practices for identifying and mitigating security threats to enhance overall security posture.
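The input sanitization recommendation, sketched as an added example (not the plugin's code or the vendor's fix): it assumes the “CSS margin-top” setting is written into an HTML attribute, and the function names and sample values are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not code from Inline Related Posts.

// Validate on save: accept only a number followed by a known CSS length unit.
function sanitize_css_length(string $raw, string $default = '0em'): string
{
    $value = trim($raw);
    // The D modifier makes $ match only at the very end of the string.
    if (preg_match('/^-?\d+(?:\.\d+)? ?(?:px|em|rem|%|vh|vw)$/D', $value) === 1) {
        return str_replace(' ', '', $value);
    }
    return $default; // reject anything else instead of trying to clean it
}

// The 'before': the stored value is concatenated into the attribute as-is,
// so a double quote in the setting closes the attribute early.
function render_box_unsafe(string $marginTop): string
{
    return "<div class=\"related-box\" style=\"margin-top: {$marginTop};\">...</div>";
}

// Escape on output: quotes become entities and stay inside the attribute.
// In WordPress, esc_attr() plays this role.
function render_box(string $marginTop): string
{
    $style = htmlspecialchars(
        "margin-top: {$marginTop};",
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return "<div class=\"related-box\" style=\"{$style}\">...</div>";
}

// Constructed sample values: three legitimate lengths and one value that
// tries to add a harmless marker attribute by closing the quote.
$samples = ['2em', '0 em', '15px', '0em" data-injected="1'];

foreach ($samples as $raw) {
    printf("input:     %s\n", $raw);
    printf("unsafe:    %s\n", render_box_unsafe($raw));
    printf("escaped:   %s\n", render_box($raw));
    printf("validated: %s\n\n", render_box(sanitize_css_length($raw)));
}
```

Validation on save and escaping on output are independent layers: the last sample falls back to the default under validation, and under escaping alone it still cannot leave the `style` attribute.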
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-2444, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
DMITRII I.