The recently discovered vulnerability in WP Table Builder, tracked as CVE-2024-3282, exposes over 60,000 websites to serious risks. This Stored Cross-Site Scripting (XSS) flaw allows attackers to inject malicious JavaScript through the plugin’s table block creation process, potentially resulting in the takeover of administrator accounts and the installation of backdoors. Due to inadequate input sanitization, an attacker can exploit this vulnerability to execute arbitrary code, compromising both website security and user data.

CVECVE-2024-3282
PluginWP Table Builder <= 1.5.0
CriticalHigh
All Time1 202 360
Active installations60 000+
Publicly PublishedAugust 19, 2024
Last UpdatedAugust 19, 2024
ResearcherDmitrii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3282
https://wpscan.com/vulnerability/12bf5e8e-24c9-48b9-b94c-c14ed60d7c15/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

April 2, 2024Plugin testing and vulnerability detection in the WP Table Builder have been completed
April 2, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
August 19, 2024Registered CVE-2024-3282

Discovery of the Vulnerability

CVE-2024-3282 was found during an analysis of the WP Table Builder’s functionality, particularly in how the plugin handles table block creation in posts. The vulnerability becomes exploitable when a user with permissions to create content, such as an editor, intercepts the request containing action=save_table. By modifying the content field to inject malicious JavaScript, such as <img src=x onerror=alert(1)>, the attacker can save the table block with this embedded payload. The vulnerability allows the script to execute later, typically when the post is viewed by an admin or editor. This oversight in the plugin’s input validation and lack of proper user role filtering contributes to the risk.

Understanding of Stored XSS attack’s

Cross-Site Scripting (XSS) vulnerabilities in WordPress are common due to the extensive use of plugins and the platform’s flexibility in handling user input. Stored XSS occurs when user-supplied data is saved to a server and later executed in the browser of another user. This type of vulnerability can allow attackers to inject harmful scripts into posts, pages, or other sections of a WordPress site, which are then executed when viewed by site admins or visitors.

Exploiting the Stored XSS Vulnerability

To exploit the CVE-2024-3282 vulnerability, an attacker with access to a role like contributor or editor can add a WP Table Builder block to a post. The attacker would then intercept the request to save the table block and modify the “content” field with their payload. A simple proof-of-concept (PoC) might involve injecting a script like <img src=x onerror=alert(1)>, which executes an alert box when the page is viewed. However, more complex attacks could involve stealing admin credentials, injecting backdoors, or gaining further access to the site’s backend.

POC:

1) You should go to creation of new Post. Add a new "WP Table builder" block. Intercept request with action=save_table. Change "content" field to <img src=x onerror=alert(1)> -> Save Settings (Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles)
(P.S inside settings of the plugin we can find a function to change access to the creation of a table block, based on this, the vulnerability in some cases may be from contributor+)

____

The risk posed by CVE-2024-3282 is significant due to the widespread use of WP Table Builder across over 60,000 websites. A successful exploitation could allow an attacker to hijack the admin’s session, steal credentials, or even install a persistent backdoor to maintain long-term control over the site. In real-world scenarios, this vulnerability could be used to redirect users to malicious sites, distribute malware, or completely deface the website.

Recommendations for Improved Security

To mitigate the risks posed by CVE-2024-3282, it is crucial to ensure that all plugins, including WP Table Builder, are updated to the latest version, as developers often release patches to address security vulnerabilities. Plugin developers must also implement robust input validation and ensure that user-supplied content is properly sanitized before being stored or displayed.

For WordPress administrators, it’s recommended to review user role permissions, especially for contributors or editors, and disable the unfiltered HTML capability if it’s not necessary. Using security plugins and web application firewalls (WAFs) can also help detect and block XSS attempts before they can exploit vulnerabilities.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-3282, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

ARTYOM K.
CVE-2024-3282 – WP Table Builder – Stored XSS to backdoor creation – POC

Create your CleanTalk account



By signing up, you agree with license. Have an account? Log in.


Leave a Reply

Your email address will not be published. Required fields are marked *