A critical vulnerability, CVE-2024-2583, has been uncovered in Shortcodes Ultimate, a popular WordPress plugin with over 600,000 installations. This flaw allows attackers to exploit Stored XSS, potentially leading to unauthorized admin account creation and compromising entire websites.
Main info:
| CVE | CVE-2024-2583 |
| Plugin | Shortcodes Ultimate < 7.0.5 |
| Critical | Very High |
| All Time | 19 068 645 |
| Active installations | 600 000+ |
| Publicly Published | March 21, 2023 |
| Last Updated | March 21, 2023 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2583 https://wpscan.com/vulnerability/98d8c713-e8cd-4fad-a8fb-7a40db2742a2/ |
| Plugin Security Certification by CleanTalk |  |
Timeline
| March 14, 2023 | Plugin testing and vulnerability detection in the Shortcodes Ultimate have been completed |
| March 14, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| March 21, 2024 | Registered CVE-2024-2583 |
Discovery of the Vulnerability
During plugin testing, security researchers discovered that Shortcodes Ultimate fails to properly sanitize user input, allowing contributors to inject malicious JavaScript code via shortcode attributes.
Understanding of Stored XSS attack’s
Stored XSS enables attackers to execute arbitrary code within the context of a website, posing significant security risks. In this case, by embedding crafted shortcodes, contributors can trigger malicious actions, such as creating admin accounts without proper validation.
Exploiting the Sensitive Data Exposure Vulnerability
Using a crafted shortcode like [su_note note_color=’123″onmouseover=”alert(1)”‘ text_color=’1′ radius=’1′ class=’1’ id=”1″], contributors can inject arbitrary JavaScript code. When an admin views the affected page, the injected script executes, potentially leading to admin account creation.
POC:
[su_note note_color=’123″onmouseover=”Malicious_Function_Here“‘ text_color=’1′ radius=’1′ class=’1’ id=”1”]Note text[/su_note]
____
This vulnerability poses severe risks, allowing attackers to gain unauthorized access to WordPress admin accounts. Such access grants them control over website content, user data, and potentially sensitive information, leading to data breaches, defacement, or further exploitation.
Recommendations for Improved Security
- Update Immediately: WordPress site administrators must update Shortcodes Ultimate to the latest patched version to mitigate this vulnerability.
- Regular Security Audits: Conduct regular security audits of plugins and themes to identify and address potential vulnerabilities promptly.
- Input Sanitization: Developers should implement robust input validation and sanitization techniques to prevent XSS attacks.
- Security Headers: Implement Content Security Policy (CSP) headers to mitigate the impact of XSS attacks.
- User Education: Educate users on safe practices, such as avoiding executing scripts from untrusted sources and keeping plugins updated.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-2583, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
