The Simple Share Buttons Adder plugin is a widely used tool for adding social sharing buttons to WordPress sites, with numerous active installations across the globe. While it offers a straightforward way to enhance website functionality, a critical vulnerability has been discovered that could jeopardize the security of websites using this plugin. Identified as CVE-2024-4094, this vulnerability allows for Stored Cross-Site Scripting (XSS) attacks, which can lead to serious security breaches, including the creation of backdoors for account takeovers.
CVE | CVE-2024-4094 |
Plugin | Simple Share Buttons Adder < 8.5.1 |
Critical | High |
All Time | 4 117 662 |
Active installations | 60 000+ |
Publicly Published | June 9, 2024 |
Last Updated | June 9, 2024 |
Researcher | Dmtirii Ignatyev |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4094 https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/ |
Plugin Security Certification by CleanTalk | |
Logo of the plugin |
Timeline
April 10, 2024 | Plugin testing and vulnerability detection in the Simple Share Buttons Adder have been completed |
April 10, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
June 9, 2024 | Registered CVE-2024-4924 |
Discovery of the Vulnerability
The vulnerability was uncovered during a routine security assessment of the Simple Share Buttons Adder plugin. Researcher found that by leveraging the “Additional CSS” field in the plugin’s settings, an attacker with editor privileges could inject malicious JavaScript code. This malicious code can then execute arbitrary actions, such as taking over administrator accounts or creating persistent backdoors.
Understanding of Stored XSS attack’s
Cross-Site Scripting (XSS) is a common web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. In the context of WordPress, Stored XSS vulnerabilities are particularly dangerous because they allow attackers to embed harmful scripts that execute whenever a user interacts with the compromised element.
For example, consider a scenario where an attacker injects a script into a WordPress post’s content. Every time an admin or user views that post, the script executes, potentially stealing cookies, session tokens, or even modifying the site content to include more malicious code.
Exploiting the Stored XSS Vulnerability
To exploit this vulnerability, an attacker with editor privileges can navigate to the plugin’s settings and modify the “Additional CSS” field. By inserting a payload such as 123"></style><img src=x onerror=alert(1)>
, the attacker can inject JavaScript that will execute whenever the settings are viewed or applied.
POC:
You should go to settings of the plugin. Change “Additional CSS” field to (123″></style><img src=x onerror=alert(1)>) -> Save Settings (Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles)
____
The implications of this vulnerability are severe. If exploited, attackers could:
- Take over admin accounts, gaining full control over the website.
- Inject persistent backdoors, allowing them to regain access even after initial remediation efforts.
- Execute arbitrary actions on behalf of administrators, including modifying content, installing plugins, or altering site configurations.
In a real-world scenario, this could lead to significant data breaches, defacement of websites, or even the complete loss of control over a WordPress site. Attackers could use the compromised sites as part of larger botnets or to distribute malware to visitors.
Recommendations for Improved Security
To mitigate the risks associated with CVE-2024-4094, website administrators should:
- Immediately update the Simple Share Buttons Adder plugin to the latest version that addresses this vulnerability.
- Regularly review and audit user roles and permissions to ensure that only trusted individuals have editor or higher privileges.
- Implement a Web Application Firewall (WAF) to filter and block malicious traffic.
- Use security plugins that offer XSS protection and monitor for unusual activities.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-4094, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.