A high-severity vulnerability, CVE-2024-2744, has been discovered in NextGEN Gallery, a popular WordPress plugin with over 500 000 active installations. The flaw is a Stored XSS in the plugin's widget settings: a user who already holds an administrator or editor account can store a JavaScript payload that later runs in the browser, and with the session, of other users who view the affected widget, which can lead to account takeover and loss of website integrity. In practice this matters most after an account compromise: an attacker who has hijacked an administrator or editor account can plant a JavaScript backdoor through this flaw and regain access even after the original foothold is closed.
Main info:

| Field | Value |
|---|---|
| CVE | CVE-2024-2744 |
| Plugin | NextGEN Gallery < 3.59.1 |
| Severity | High |
| All-time downloads | 40 354 267 |
| Active installations | 500 000+ |
| Publicly published | April 26, 2024 |
| Last updated | April 26, 2024 |
| Researcher | Dmitrii Ignatyev |
| OWASP Top 10 | A7: Cross-Site Scripting (XSS) (2017 list) |
| PoC | Yes |
| Exploit | No |
| References | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2744 and https://wpscan.com/vulnerability/a5579c15-50ba-4618-95e4-04b2033d721f/ |
Timeline

| Date | Event |
|---|---|
| March 11, 2024 | Testing of the NextGEN Gallery plugin was completed and the vulnerability was detected |
| March 11, 2024 | I contacted the author of the plugin and provided a PoC with a description of the vulnerability and recommendations for fixing it |
| April 26, 2024 | CVE-2024-2744 registered |
Discovery of the Vulnerability
During routine testing of the NextGEN Gallery plugin, security researchers uncovered a vulnerability that allows an attacker to store JavaScript in a widget setting and have it executed in the browser of any user who views the affected widget, editors and administrators included, paving the way for account takeover and unauthorized access.
Understanding Stored XSS attacks
Stored XSS, a type of cross-site scripting attack, occurs when attacker-supplied input is persisted by the application (in a database record, a plugin setting, a comment) and later rendered into a page without proper escaping, so the script executes in the browser, and with the session, of whoever views that page. In WordPress, plugins like NextGEN Gallery are susceptible to such attacks if they echo stored values into HTML without context-appropriate escaping: esc_attr() for attribute values, esc_html() for text nodes.
Exploiting the Stored XSS Vulnerability
By leveraging the vulnerability in NextGEN Gallery, attackers can embed script payloads into fields the plugin stores and later renders, such as widget settings or image descriptions. The payload used here is a classic attribute break-out: it closes the quoted attribute the value is written into and adds an event-handler attribute of its own. When another user views the rendered widget and triggers that handler, the script runs with that user's session, which is enough for account compromise.
POC:
1. In the WordPress admin, add a new "NextGEN Widget".
2. Set the "Text for Media RSS link" field to the following value (straight quotes, exactly as written):
   feed" asdasd=" onmouseover='alert(1)'
3. Save Settings. The payload is now stored and rendered wherever the widget is displayed; hovering over the affected element fires the handler.

Note for testers: administrators and editors are allowed to use JavaScript in posts, pages, comments and similar content by design, so the unfiltered_html capability must be disallowed when testing for Stored XSS with these roles (for example by defining the DISALLOW_UNFILTERED_HTML constant in wp-config.php). Otherwise script execution from such an account is expected behaviour, not a vulnerability.
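The break-out behind this PoC and the escaping that closes it, modelled in Python as an added example. This is not NextGEN Gallery's code: the `<a ... title="...">` template standing in for the widget's rendering of the "Text for Media RSS link" setting, the option keys and the sample values are all constructed for illustration, and the payload is a simplified form of the PoC string above. The block also includes a signature-free check that can be run over stored settings to find values that would break out of the markup.

```python
"""Added example for CVE-2024-2744; not NextGEN Gallery's own code.

Models the attribute break-out class of bug described above and the output
escaping that closes it. The <a> template standing in for the widget's
"Text for Media RSS link" rendering, the option keys and the sample values
are all constructed for illustration; the real plugin's markup may differ.
"""
import html
from html.parser import HTMLParser

# Simplified form of the advisory's PoC string (constructed): close the quoted
# attribute the value lands in, then add an event-handler attribute of our own.
BREAKOUT_PAYLOAD = 'feed" onmouseover="alert(1)'
# A second stored-XSS shape worth catching: a tag injected into text content.
TAG_PAYLOAD = "feed<img src=x onerror=alert(1)>"


def render_unsafe(link_text: str) -> str:
    """Assumed vulnerable shape: the stored setting is interpolated raw into
    an attribute value and into the element body."""
    return f'<a href="/feed/" title="{link_text}">{link_text}</a>'


def render_safe(link_text: str) -> str:
    """Same markup with context-appropriate escaping. html.escape(quote=True)
    plays the role of WordPress esc_attr() in the attribute and esc_html() in
    the text node: it encodes &, <, > and both quote characters."""
    escaped = html.escape(link_text, quote=True)
    return f'<a href="/feed/" title="{escaped}">{escaped}</a>'


class _TagCollector(HTMLParser):
    """Records every start tag and its attributes, roughly as a browser's
    tokenizer would see them (quoted values are honoured, names lowercased)."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[tuple[str, dict]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def tokenize(markup: str) -> list[tuple[str, dict]]:
    """Return [(tag, {attr: value}), ...] for the start tags in markup."""
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def injected_handlers(markup: str) -> list[str]:
    """Names of on* event-handler attributes that survive tokenization."""
    return sorted(
        name
        for _tag, attrs in tokenize(markup)
        for name in attrs
        if name.startswith("on")
    )


# What the template itself writes; anything beyond this came from the value.
EXPECTED_TAGS = {"a"}
EXPECTED_ATTRS = {"href", "title"}


def is_breakout(value: str) -> bool:
    """Would this stored value, rendered by the unsafe template, produce tags
    or attributes the template never wrote? Catches both attribute break-outs
    and injected tags without a payload-specific signature."""
    for tag, attrs in tokenize(render_unsafe(value)):
        if tag not in EXPECTED_TAGS or not set(attrs) <= EXPECTED_ATTRS:
            return True
    return False


def flag_breakouts(settings: dict) -> list[str]:
    """Scan stored widget settings and return the keys whose values would
    break out of the template."""
    return [key for key, value in settings.items() if is_breakout(value)]


# Constructed sample of stored settings; the keys are illustrative and are not
# the plugin's real option names.
SAMPLE_SETTINGS = {
    "widget-1/mediarss_text": "Media RSS",
    "widget-2/mediarss_text": BREAKOUT_PAYLOAD,
    "widget-3/mediarss_text": TAG_PAYLOAD,
    "widget-4/mediarss_text": "Tom & Jerry",
}

if __name__ == "__main__":
    print(render_unsafe(BREAKOUT_PAYLOAD))
    print("unsafe handlers:", injected_handlers(render_unsafe(BREAKOUT_PAYLOAD)))
    print("safe handlers:  ", injected_handlers(render_safe(BREAKOUT_PAYLOAD)))
    print("flagged:", flag_breakouts(SAMPLE_SETTINGS))
```

Run the file directly to see the tokenized results: the unsafe render of the payload carries an onmouseover attribute, the escaped render carries none, and only the two planted values are flagged while a benign value containing "&" is not. `flag_breakouts()` can be pointed at any dict of stored widget settings, for example values exported with WP-CLI's `wp option get`, to look for payloads already planted on a site. The check deliberately compares the parsed tag and attribute set against what the template writes instead of matching the PoC string, so variants of the payload are caught too. In PHP the fix is the same escaping at the point of output, with esc_attr() and esc_html() in place of html.escape().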
____
CVE-2024-2744 poses a significant risk to WordPress websites running an affected version of NextGEN Gallery. Script that runs in another user's session can do anything that user can do from the browser: plant a JavaScript backdoor, redirect visitors to phishing sites, or steal session data and other sensitive information.
Recommendations for Improved Security
Website administrators are advised to update NextGEN Gallery to version 3.59.1 or later immediately. Plugin developers should sanitize settings on save (for example with sanitize_text_field()) and, more importantly, escape every value at the point of output according to the context it is rendered in: esc_attr() inside attribute values, esc_html() in text, esc_url() in href and src attributes. Input filtering alone is not enough, because the same stored value may be rendered in several contexts. Regular security audits and penetration testing also help identify such issues before they are exploited.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-2744, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.