The ever-evolving landscape of cybersecurity continually presents new challenges for website administrators, especially those relying on popular content management systems like WordPress. Among the multitude of plugins available, each enhancing functionality and user experience, security vulnerabilities can sometimes emerge, posing significant risks. One such recent discovery involves the “Image Photo Gallery Final Tiles Grid” plugin, widely used for creating visually appealing image galleries. Identified as CVE-2024-3710, this vulnerability represents a critical threat, allowing attackers to execute a Stored Cross-Site Scripting (XSS) attack that could ultimately lead to the creation of unauthorized admin accounts.

CVECVE-2024-3710
PluginImage Photo Gallery Final Tiles Grid < 3.6.0
CriticalHigh
All Time891 292
Active installations20 000+
Publicly PublishedJune 27, 2024
Last UpdatedJune 27, 2024
ResearcherDmtirii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3710
https://wpscan.com/vulnerability/bde10913-4f7e-4590-86eb-33bfa904f95f/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

March 4, 2024Plugin testing and vulnerability detection in the Image Photo Gallery Final Tiles Grid have been completed
March 4, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
June 27, 2024Registered CVE-2024-3710

Discovery of the Vulnerability

During routine security testing of the “Image Photo Gallery Final Tiles Grid” plugin, a severe flaw was uncovered that affects versions used by over 20,000 installations. This vulnerability permits contributors to embed malicious JavaScript code within a post, leveraging the plugin’s functionality to escalate privileges and potentially create admin accounts. The specific vector for this attack is the “Additional CSS class on A tag” field within the gallery settings, where unfiltered input can be exploited to insert harmful scripts.

Understanding of Stored XSS attack’s

Cross-Site Scripting (XSS) is a prevalent web application vulnerability that enables attackers to inject malicious scripts into web pages viewed by other users. In the context of WordPress, XSS attacks can compromise the security of the site by allowing unauthorized actions, such as stealing cookies, session tokens, or even executing arbitrary code. Real-world examples of XSS in WordPress have shown how these vulnerabilities can be exploited to hijack user accounts, deface websites, or distribute malware.

Exploiting the Stored XSS Vulnerability

Exploiting the vulnerability in the “Image Photo Gallery Final Tiles Grid” plugin involves manipulating the “Additional CSS class on A tag” field when creating a new gallery.

POC:

Create a new Gallery and change “Additional CSS class on A tag” field to 123″asdasd=’onmouseover=alert(1)

____

The risks associated with this vulnerability are substantial. Once an attacker successfully executes the XSS payload, they can gain administrative privileges, leading to a complete takeover of the WordPress site. This level of control allows the attacker to modify site content, access sensitive information, and potentially use the compromised site to launch further attacks on visitors. In a real-world scenario, such an attack could result in significant damage to the site’s reputation, loss of user trust, and potential legal implications depending on the nature of the compromised data.

Recommendations for Improved Security

To mitigate the risk posed by CVE-2024-3710, it is imperative for administrators to update the “Image Photo Gallery Final Tiles Grid” plugin to the latest version, where the vulnerability has been patched. Additionally, implementing robust security practices such as:

  • Restricting contributor permissions to minimize potential attack vectors.
  • Regularly auditing and sanitizing user inputs.
  • Employing a Web Application Firewall (WAF) to detect and block malicious traffic.
  • Conducting periodic security assessments to identify and remediate vulnerabilities.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-3710, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.

Create your CleanTalk account



By signing up, you agree with license. Have an account? Log in.
CVE-2024-3710 – Image Photo Gallery Final Tiles Grid – Stored XSS to Admin Account Creation – POC

Leave a Reply

Your email address will not be published. Required fields are marked *