CVE-2024-2972 is a Stored XSS vulnerability in the Floating Chat Widget (Chaty) WordPress plugin. Its practical impact is persistence rather than initial access: an attacker who has already hijacked an administrator or editor account can store a script in the widget settings and use it as a backdoor to regain access after the original foothold is lost.
Main info:
| CVE | CVE-2024-2972 |
| Plugin | Floating Chat Widget (Chaty) < 3.1.9 |
| Severity | High |
| All-time downloads | 3 162 278 |
| Active installations | 200 000+ |
| Publicly published | March 29, 2024 |
| Last updated | March 29, 2024 |
| Researcher | Dmitrii Ignatyev |
| OWASP Top 10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2972 ; https://wpscan.com/vulnerability/27134a4f-a59b-40e9-8fc8-abe1f58672ad/ |
Timeline
| March 8, 2024 | Plugin testing and vulnerability detection in the Floating Chat Widget (Chaty) plugin have been completed |
| March 8, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| March 29, 2024 | CVE-2024-2972 registered |
Discovery of the Vulnerability
During the evaluation of Floating Chat Widget (Chaty), a high-severity vulnerability was found: a value stored in the widget settings by an administrator (or editor) is later rendered without escaping, so a malicious script placed in that setting is persisted by the site and executed in the browsers of users who load the widget. This is CVE-2024-2972, a Stored XSS in the plugin.
Understanding Stored XSS attacks
Stored XSS vulnerabilities in WordPress plugins like Floating Chat Widget (Chaty) let an attacker embed a script in data the site saves (here, a widget option) so that it runs every time a page containing that data is served to a visitor or to a logged-in administrator. Unlike reflected XSS, the payload does not have to be delivered to each victim individually, which is what makes it useful as a persistent backdoor.
Exploiting the Stored XSS Vulnerability
By manipulating the "Chaty" plugin's settings, an attacker who already controls an administrator or editor account can inject a script that the plugin stores and renders unescaped. The script then executes for every visitor and administrator who loads the widget, which lets the attacker plant a JavaScript backdoor (for example, code that runs in an administrator's browser session with that administrator's privileges) and keep access even after the stolen account is recovered.
PoC:
1. In the WordPress dashboard, click "Chaty" and create a "New Widget".
2. Set the cht_social_Whatsapp[bg_color] field to %23000000" <script>alert(1)</script> (%23 decodes to #, and the double quote after the colour breaks out of the attribute the value is written into).
3. Click "Save Settings". The stored value is rendered without escaping, so the script runs wherever the widget markup is output.
Note on testing: administrators and editors are normally allowed to use raw JavaScript in posts, pages, comments and similar content (the unfiltered_html capability), so when testing for Stored XSS with these roles disable that capability first, for example with define('DISALLOW_UNFILTERED_HTML', true); in wp-config.php. A plugin that still stores and renders the unescaped markup under that restriction is vulnerable.
Recommendations for Improved Security
To mitigate CVE-2024-2972, site owners should update Floating Chat Widget (Chaty) to version 3.1.9 or later, keep plugins updated in general, limit the number of accounts with administrator or editor privileges, and put a web application firewall in front of the site as a secondary control. For plugin developers the fix is the standard WordPress pair: validate each setting on save (a colour field should accept only a colour) and escape it on output with the escaping function that matches the context, such as esc_attr() for attribute values.
Addressing Stored XSS vulnerabilities like CVE-2024-2972 proactively improves a site's security posture and removes an easy persistence mechanism for an attacker who has already obtained an account. Stay vigilant, stay secure.
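The following PHP script is an added example, not code from the Chaty plugin or from CleanTalk. It models the pattern behind the PoC above (a colour setting concatenated into an inline style attribute) beside the hardened version recommended here, and goes beyond the single payload by validating the whole value as a hex colour on save, which also blocks CSS-only injection that attribute escaping alone would not stop. Function names (render_widget_vulnerable, render_widget_hardened, save_bg_color) and the sanitize_hex_color_standin / esc_attr_standin helpers are assumptions so that the script runs without WordPress; inside a real plugin you would call WordPress's own sanitize_hex_color() and esc_attr() instead.

```php
<?php
// Added example (not the Chaty plugin's code). Vulnerable vs. hardened
// rendering of an admin-supplied colour setting, as in CVE-2024-2972.
declare(strict_types=1);

// Stand-in for WordPress sanitize_hex_color(): accepts only "#rgb" or
// "#rrggbb", returns null for anything else. Hypothetical helper name.
function sanitize_hex_color_standin(string $color): ?string {
    return preg_match('/^#([A-Fa-f0-9]{3}){1,2}$/', $color) === 1 ? $color : null;
}

// Stand-in for WordPress esc_attr(): encodes every character that could
// terminate a double- or single-quoted HTML attribute. Hypothetical name.
function esc_attr_standin(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// VULNERABLE: the stored option is trusted and concatenated verbatim into
// the attribute. A value containing `"` closes the attribute and whatever
// follows becomes live markup.
function render_widget_vulnerable(string $bg_color): string {
    return '<div class="chaty-whatsapp" style="background:' . $bg_color . '">';
}

// HARDENED, step 1: validate on save. The settings sanitize callback keeps
// only a real hex colour and falls back to a safe default otherwise.
function save_bg_color(string $raw): string {
    return sanitize_hex_color_standin($raw) ?? '#000000';
}

// HARDENED, step 2: escape on output regardless of what was saved, so a
// value that slipped past validation (e.g. written by an older version)
// is still rendered as inert text.
function render_widget_hardened(string $bg_color): string {
    return '<div class="chaty-whatsapp" style="background:'
        . esc_attr_standin($bg_color) . '">';
}

// Constructed input: the PoC payload from this advisory after WordPress has
// URL-decoded the form field (%23 becomes #).
$payload = '#000000" <script>alert(1)</script>';

echo "Vulnerable rendering (script tag emitted live):\n";
echo render_widget_vulnerable($payload), "\n\n";

echo "Hardened rendering after validation (payload rejected, default used):\n";
echo render_widget_hardened(save_bg_color($payload)), "\n\n";

echo "Hardened rendering without validation (escaping alone keeps it inert):\n";
echo render_widget_hardened($payload), "\n";
```

Run it with `php example.php` and compare the three lines: only the first one contains a real `<script>` element. Validation and output escaping are deliberately independent layers; a colour field that is validated on save but echoed raw is still one stale database row away from the vulnerability, and a field that is escaped but not validated can still carry CSS the attacker controls.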
DMITRII I.