WordPress plugins significantly enhance the functionality and versatility of websites, making them an integral part of the WordPress ecosystem. However, they also introduce potential security risks that can have severe consequences if not properly managed. A recently discovered vulnerability, CVE-2024-2762, affects the popular FooGallery plugin, which boasts numerous installations. This vulnerability allows contributors to exploit Stored Cross-Site Scripting (XSS) to create malicious admin accounts, potentially compromising the entire website. This article will explore the discovery, understanding, exploitation, risks, and security recommendations associated with this vulnerability.

CVECVE-2024-2762
PluginFooGallery < 2.4.15
CriticalHigh
All Time4 941 656
Active installations100 000+
Publicly PublishedMay 23, 2024
Last UpdatedMay 23, 2024
ResearcherDmitrii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2762/
https://wpscan.com/vulnerability/92e0f5ca-0184-4e9c-b01a-7656e05dce69/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

March 19, 2024Plugin testing and vulnerability detection in the FooGallery have been completed
March 19, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
May 23, 2024Registered CVE-2024-2762

Discovery of the Vulnerability

The CVE-2024-2762 vulnerability was uncovered during a security evaluation of the FooGallery plugin. Researchers identified a critical flaw that permits contributors to inject malicious JavaScript code via the “Custom Gallery Class” field in the plugin’s Advanced settings. This injected script is then stored and executed whenever an admin views the affected gallery. The potential for this vulnerability to escalate into full admin account creation highlights the severity of the issue. The discovery underscores the importance of rigorous security assessments for plugins with extensive user bases.

Understanding of Stored XSS attack’s

Cross-Site Scripting (XSS) is a widespread security issue that occurs when an attacker injects malicious scripts into content that is later rendered and executed by a user’s browser. In the context of WordPress, XSS vulnerabilities can surface in various forms, such as through comments, post content, or plugin fields.

For instance, a real-world example involves the injection of malicious code into comment fields, which then executes when an admin reviews comments in the WordPress dashboard. Similarly, in the case of CVE-2024-2762, the vulnerability is triggered by injecting a script into the “Custom Gallery Class” field of the FooGallery plugin. This script can execute with the same privileges as the admin viewing the gallery, making it a potent vector for attacks.

Exploiting the Stored XSS Vulnerability

Exploiting CVE-2024-2762 requires an attacker to have contributor access to the WordPress site. The process involves creating a new gallery and injecting a malicious script into the “Custom Gallery Class” field. The following proof-of-concept (PoC) payload demonstrates this:

POC:

Create a new Gallery and change “Custom Gallery Class” field in Advanced settings to 123=”” onpointerenter=”alert(1)”

____

The risks associated with CVE-2024-2762 are significant, particularly for websites with multiple contributors. Real-world scenarios include:

  • Unauthorized Admin Account Creation: Attackers can create new admin accounts, granting them full control over the site.
  • Data Theft: Sensitive information, including user credentials and personal data, can be exfiltrated.
  • Site Defacement: Attackers can alter site content, causing reputational damage and loss of user trust.
  • Extended Exploitation: With admin access, attackers can install additional malicious plugins or scripts, deepening their control over the site.

The impact of such scenarios can be devastating, highlighting the need for robust security measures.

Recommendations for Improved Security

To mitigate the risks posed by the CVE-2024-2762 vulnerability, the following security measures are recommended:

  • Update the Plugin: Ensure that the FooGallery plugin is updated to the latest version, which should include patches for known vulnerabilities.
  • Sanitize Inputs: Implement comprehensive input validation and sanitization to prevent the injection of malicious scripts.
  • Limit Contributor Privileges: Restrict the capabilities of contributors to minimize potential attack vectors.
  • Regular Security Audits: Conduct periodic security reviews of all installed plugins and themes.
  • Educate Users: Provide training for site administrators and contributors on security best practices and the importance of vigilance against potential threats.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-2762, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

ARTYOM K.
CVE-2024-2762 – FooGallery – Stored XSS to Admin Account Creation (Contributor+) – POC

Leave a Reply

Your email address will not be published. Required fields are marked *