The ever-evolving landscape of cybersecurity continually presents new challenges for website administrators, especially those relying on popular content management systems like WordPress. Among the multitude of plugins available, each enhancing functionality and user experience, security vulnerabilities can sometimes emerge, posing significant risks. One such recent discovery involves the “Image Photo Gallery Final Tiles Grid” plugin, widely used for creating visually appealing image galleries. Identified as CVE-2024-3710, this vulnerability represents a critical threat, allowing attackers to execute a Stored Cross-Site Scripting (XSS) attack that could ultimately lead to the creation of unauthorized admin accounts.
| CVE | CVE-2024-3710 |
| Plugin | Image Photo Gallery Final Tiles Grid < 3.6.0 |
| Critical | High |
| All Time | 891 292 |
| Active installations | 20 000+ |
| Publicly Published | June 27, 2024 |
| Last Updated | June 27, 2024 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3710 https://wpscan.com/vulnerability/bde10913-4f7e-4590-86eb-33bfa904f95f/ |
| Plugin Security Certification by CleanTalk |  |
| Logo of the plugin |  |
Timeline
| March 4, 2024 | Plugin testing and vulnerability detection in the Image Photo Gallery Final Tiles Grid have been completed |
| March 4, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| June 27, 2024 | Registered CVE-2024-3710 |
Discovery of the Vulnerability
During routine security testing of the “Image Photo Gallery Final Tiles Grid” plugin, a severe flaw was uncovered that affects versions used by over 20,000 installations. This vulnerability permits contributors to embed malicious JavaScript code within a post, leveraging the plugin’s functionality to escalate privileges and potentially create admin accounts. The specific vector for this attack is the “Additional CSS class on A tag” field within the gallery settings, where unfiltered input can be exploited to insert harmful scripts.
Understanding of Stored XSS attack’s
Cross-Site Scripting (XSS) is a prevalent web application vulnerability that enables attackers to inject malicious scripts into web pages viewed by other users. In the context of WordPress, XSS attacks can compromise the security of the site by allowing unauthorized actions, such as stealing cookies, session tokens, or even executing arbitrary code. Real-world examples of XSS in WordPress have shown how these vulnerabilities can be exploited to hijack user accounts, deface websites, or distribute malware.
Exploiting the Stored XSS Vulnerability
Exploiting the vulnerability in the “Image Photo Gallery Final Tiles Grid” plugin involves manipulating the “Additional CSS class on A tag” field when creating a new gallery.
POC:
Create a new Gallery and change “Additional CSS class on A tag” field to 123″asdasd=’onmouseover=alert(1)
____
The risks associated with this vulnerability are substantial. Once an attacker successfully executes the XSS payload, they can gain administrative privileges, leading to a complete takeover of the WordPress site. This level of control allows the attacker to modify site content, access sensitive information, and potentially use the compromised site to launch further attacks on visitors. In a real-world scenario, such an attack could result in significant damage to the site’s reputation, loss of user trust, and potential legal implications depending on the nature of the compromised data.
Recommendations for Improved Security
To mitigate the risk posed by CVE-2024-3710, it is imperative for administrators to update the “Image Photo Gallery Final Tiles Grid” plugin to the latest version, where the vulnerability has been patched. Additionally, implementing robust security practices such as:
- Restricting contributor permissions to minimize potential attack vectors.
- Regularly auditing and sanitizing user inputs.
- Employing a Web Application Firewall (WAF) to detect and block malicious traffic.
- Conducting periodic security assessments to identify and remediate vulnerabilities.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-3710, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
