WordPress is a popular content management system used by millions of websites worldwide. Its extensive plugin ecosystem allows users to add a wide range of functionalities to their sites. However, this flexibility can also introduce security vulnerabilities if plugins are not adequately secured. One such vulnerability, identified as CVE-2024-4627, was found in the widely used Rank Math SEO plugin, which has over 2 million active installations.

  • CVE: CVE-2024-4627
  • Plugin: Rank Math SEO < 1.0.219
  • Criticality: High
  • All-time downloads: 98 462 326
  • Active installations: 2 000 000+
  • Publicly Published: June 9, 2024
  • Last Updated: June 9, 2024
  • Researcher: Dmitrii Ignatyev
  • OWASP TOP-10: A7: Cross-Site Scripting (XSS)
  • PoC: Yes
  • Exploit: No
  • Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4627
  • Reference: https://wpscan.com/vulnerability/c0058fcc-36f6-40bf-9848-fbe2d751d754/

Timeline

  • May 6, 2024: Plugin testing and vulnerability detection in Rank Math SEO were completed
  • May 6, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
  • June 9, 2024: Registered CVE-2024-4627

Discovery of the Vulnerability

During routine security testing, a severe vulnerability was discovered in the Rank Math SEO plugin. The flaw allows attackers to exploit Stored Cross-Site Scripting (XSS) by embedding malicious JavaScript code through the plugin’s settings. This vulnerability, if exploited, can lead to the creation of backdoors, enabling attackers to take over admin accounts and gain full control of the affected website.

Understanding Stored XSS Attacks

Cross-Site Scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. These scripts can hijack user sessions, deface websites, or redirect users to malicious sites. In the context of WordPress, XSS vulnerabilities often arise from plugins that do not properly sanitize user input.

In this case, the Rank Math SEO plugin is vulnerable to Stored XSS, where the malicious script is stored on the server and executed when an authorized user accesses the affected page. Such vulnerabilities are particularly dangerous as they can persist across multiple sessions and affect many users.

Exploiting the Stored XSS Vulnerability

To exploit this vulnerability, an attacker needs to follow these steps:

PoC:

Create a new post with a ‘Table of Contents by Rank Math’ block and change the “titleWrapper” field to “script”. Go to the block settings and change the “Table of Contents Title” field to the JavaScript payload (eval() and so on), then Save Settings. (Admins and editors are allowed to use JS in posts/pages/comments/etc., so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles.)

The exploitation of CVE-2024-4627 poses significant risks:

  • Account Takeover: Attackers can gain administrative access, allowing them to control the entire website, modify content, add new users, or delete the site altogether.
  • Data Breach: Sensitive information stored on the website, including user data and financial information, could be accessed and exfiltrated.
  • SEO Manipulation: Given the nature of the Rank Math SEO plugin, attackers could manipulate SEO settings to redirect traffic to malicious sites or degrade the site’s search engine rankings.
  • Spread of Malware: Attackers could inject additional malicious scripts to distribute malware to visitors of the compromised website.

Recommendations for Improved Security

To mitigate the risks associated with this vulnerability, the following steps are recommended:

  1. Update Plugins: Ensure that all plugins, including Rank Math SEO, are updated to their latest versions. Developers typically release patches to address known vulnerabilities.
  2. Restrict User Permissions: Limit the number of users with the capability to add or edit content with HTML or JavaScript to minimize potential entry points for XSS attacks.
  3. Sanitize Inputs: Plugin developers should implement rigorous input validation and sanitization to prevent malicious code from being injected.
  4. Regular Security Audits: Conduct regular security audits of all installed plugins and themes to identify and mitigate potential vulnerabilities.
  5. Educate Users: Train users on the importance of security practices, including the dangers of XSS and how to recognize potential security threats.
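The PoC above works because the block's "titleWrapper" attribute is used as an HTML tag name and the title text is rendered unescaped. The following is an added example (not Rank Math's code) of the server-side validation recommendation 3 calls for: the wrapper is restricted to an allowlist and the title is escaped before output. The function names, the allowlist and the CSS class are assumptions; the attribute names come from the advisory.

```php
<?php
// Added example: hardened renderer for a hypothetical table-of-contents block.
// Only the attribute names "titleWrapper" and the title field are taken from the
// advisory; everything else here is assumed for illustration.

// Tags that may legitimately wrap a TOC title. A stored value outside this list
// (such as "script") is never emitted; the renderer falls back to the default.
const TOC_ALLOWED_WRAPPERS = [ 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'div' ];

function toc_sanitize_wrapper( $wrapper ) {
    $wrapper = strtolower( trim( (string) $wrapper ) );
    return in_array( $wrapper, TOC_ALLOWED_WRAPPERS, true ) ? $wrapper : 'h2';
}

function toc_escape_text( $text ) {
    // esc_html() is WordPress's escaper; the fallback keeps the snippet
    // runnable with plain PHP outside WordPress.
    return function_exists( 'esc_html' )
        ? esc_html( $text )
        : htmlspecialchars( (string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
}

// Block attributes arrive from stored post content, so they must be treated as
// untrusted even though only logged-in editors could have saved them.
function toc_render_title( array $attributes ) {
    $tag   = toc_sanitize_wrapper( $attributes['titleWrapper'] ?? 'h2' );
    $title = toc_escape_text( $attributes['title'] ?? 'Table of Contents' );
    // The tag name is allowlisted and the text is escaped, so neither part of
    // the stored attributes can introduce markup or script.
    return sprintf( '<%1$s class="toc-title">%2$s</%1$s>', $tag, $title );
}

// Constructed attributes in the shape the advisory describes: the wrapper set
// to "script" and JavaScript placed in the title field.
$stored_attributes = [
    'titleWrapper' => 'script',
    'title'        => 'alert("xss")',
];

// The unsafe pattern would be: sprintf( '<%1$s>%2$s</%1$s>', $wrapper, $title )
// with both values used verbatim. The hardened renderer instead emits an <h2>
// containing the payload as inert, escaped text.
echo toc_render_title( $stored_attributes ), PHP_EOL;
```

In a Gutenberg block.json the attribute can additionally be declared with an `enum` of allowed tags, but the client-side schema is no substitute for the server-side check, since post content can be written directly through the REST API.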

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-4627, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability


DMITRII I.
CVE-2024-4627 – Rank Math SEO – Stored XSS to backdoor creation – POC
