In the ever-evolving landscape of cybersecurity, staying vigilant about potential vulnerabilities in widely-used plugins is crucial. Recently, a critical vulnerability, identified as CVE-2024-4900, was discovered in the SEOPress plugin for WordPress, which has over 300,000 active installations. This vulnerability allows an attacker to execute a malicious redirect by injecting code through a field meant for SEO settings, posing a significant risk to websites using this plugin.

CVECVE-2024-4900
PluginSEOPress < 7.8
CriticalHigh
All Time12 340 358
Active installations300 000+
Publicly PublishedJune 9, 2024
Last UpdatedJune 9, 2024
ResearcherDmtirii Ignatyev
OWASP TOP-10A1: Injection
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4900
https://wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

May 10, 2024Plugin testing and vulnerability detection in the SEOPress – On-site SEO have been completed
May 10, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
June 9, 2024Registered CVE-2024-4900

Discovery of the Vulnerability

The vulnerability was uncovered during routine security testing of the SEOPress plugin. The issue lies in the “Facebook Title” field, which allows for the injection of malicious code. By exploiting this vulnerability, an attacker can create a redirect that sends users to a malicious site without their knowledge. The discovery of this flaw underscores the importance of regular security assessments and the need for developers to implement robust input validation mechanisms.

Understanding of Redirects attack’s

Redirection vulnerabilities in WordPress occur when an attacker can manipulate a URL to redirect users to an unintended destination. This can be particularly dangerous if the destination is a malicious site designed to steal personal information or spread malware. In the context of SEOPress, the vulnerability arises from improper handling of user input in the “Facebook Title” field, which can be exploited by users with Contributor-level permissions or higher.

Real-world examples of such vulnerabilities include cases where attackers have redirected users to phishing sites or sites laden with malware. These attacks not only compromise the affected websites but also damage the trust and reputation of the site owners.

Exploiting the Redirects Vulnerability

To exploit this vulnerability, an attacker needs Contributor-level access or higher. The proof of concept (POC) for this attack involves the following steps:

POC:

1) Create new Post

2) In bottom of the page put in “Facebook Title” field this text – (0;http://smth.me/” HTTP-EQUIV=”refresh” a=”a)

____

The risks associated with this vulnerability are significant. By exploiting this flaw, attackers can:

  • Redirect users to phishing sites designed to steal credentials or personal information.
  • Drive traffic to malicious websites that host malware, potentially compromising users’ devices.
  • Damage the reputation of the affected websites, leading to a loss of user trust and potential financial losses.

In real-world scenarios, attackers could use this vulnerability to target high-traffic websites, amplifying the impact of their malicious activities. For instance, a popular blog using SEOPress could unknowingly redirect thousands of visitors to a phishing site, resulting in widespread data theft.

Recommendations for Improved Security

To mitigate the risks associated with CVE-2024-4900, the following recommendations should be implemented:

  • Update the Plugin: Ensure that you are using the latest version of SEOPress, as the developers are likely to release a patch addressing this vulnerability.
  • Input Validation: Developers should implement robust input validation to prevent the injection of malicious code in user fields.
  • Access Controls: Limit the permissions of Contributor-level users and regularly review user roles and permissions.
  • Security Audits: Conduct regular security audits and vulnerability assessments to identify and address potential security issues promptly.
  • User Education: Educate users about the importance of security and the risks associated with vulnerabilities like this one.

By taking proactive measures to address Redirect vulnerabilities like CVE-2024-4900, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #Redirect #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.
CVE-2024-4900 – SEOPress – On-site SEO – Malicious Redirect via HTTP-EQUIV Injection – POC

Leave a Reply

Your email address will not be published. Required fields are marked *