In the realm of WordPress plugins, Quiz and Survey Master stands out as an indispensable tool for creating interactive and engaging content. From viral quizzes to employee surveys, this plugin offers a wide array of features to enhance user engagement and drive traffic to your website. However, even the most useful plugins can harbor critical vulnerabilities. Recently, CVE-2024-4934, a Stored XSS vulnerability, was discovered in Quiz and Survey Master, posing a significant risk to WordPress sites. This article delves into the details of this vulnerability, its implications, and the steps necessary to safeguard against it.

CVE: CVE-2024-4934
Plugin: Quiz And Survey Master < 9.0.2
Critical: High
All Time: 2 384 860
Active installations: 40 000+
Publicly Published: June 10, 2024
Last Updated: June 10, 2024
Researcher: Artyom Krugov
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4934/
https://wpscan.com/vulnerability/a2270ee1-3211-4b16-b3d7-6cdd732f7155/

Timeline

May 3, 2024: Plugin testing and vulnerability detection in the Quiz and Survey Master have been completed
May 3, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
June 10, 2024: Registered CVE-2024-4934

Discovery of the Vulnerability

During security testing, a critical vulnerability CVE-2024-4934 was identified in the Quiz and Survey Master plugin. This Stored XSS vulnerability allows users with Contributor-level access to embed malicious scripts into quizzes and surveys. These scripts can be executed when viewed by administrators, leading to potential account takeovers and other malicious activities. The vulnerability exists due to improper sanitization of user inputs in various fields within the plugin.

Understanding Stored XSS attacks

Stored XSS (Cross-Site Scripting) is a type of security vulnerability where an attacker injects malicious scripts into a web application, which are then stored on the server and executed whenever the compromised content is accessed. Unlike Reflected XSS, Stored XSS has a broader impact as it affects multiple users and persists until the malicious code is removed.

In WordPress, Stored XSS vulnerabilities can be particularly dangerous. For example, if an attacker injects a malicious script into a comment field, every user who views that comment will inadvertently execute the script. This can lead to stolen session cookies, unauthorized actions, or even full account takeovers. The Quiz and Survey Master plugin’s vulnerability is a textbook case of how Stored XSS can be leveraged to execute malicious activities within a WordPress site.

Exploiting the Stored XSS Vulnerability

The vulnerability is reproduced by a user with Contributor rights on a website running the Quiz and Survey Master plugin; the stored XSS payload ends up saved in a new post.

  1. Log in to the QSM panel
  2. Log in to Quizzes & Surveys
  3. Add a new questionnaire
  4. In the paragraph page, add a payload
  5. Also add a payload to the questions
  6. Go to Add Post
  7. Select the QSM unit and add the created questionnaire with the payload and save it

POC: The payload entered into the fields: “&gt;&lt;script&gt;&lt;/script&gt;&lt;img src=x onerror=alert(document.domain)&gt;


The risks associated with CVE-2024-4934 are significant, particularly for websites with multiple contributors. Real-world scenarios include:

  • Unauthorized Admin Account Creation: Attackers can create new admin accounts, granting them full control over the site.
  • Data Theft: Sensitive information, including user credentials and personal data, can be exfiltrated.
  • Site Defacement: Attackers can alter site content, causing reputational damage and loss of user trust.
  • Extended Exploitation: With admin access, attackers can install additional malicious plugins or scripts, deepening their control over the site.

The impact of such scenarios can be devastating, highlighting the need for robust security measures.

Recommendations for Improved Security

To mitigate the risks posed by the CVE-2024-4934 vulnerability, the following security measures are recommended:

  • Update the Plugin: Ensure that the Quiz and Survey Master plugin is updated to version 9.0.2 or later, which includes the patch for this vulnerability.
  • Sanitize Inputs: Implement comprehensive input validation and sanitization to prevent the injection of malicious scripts.
  • Limit Contributor Privileges: Restrict the capabilities of contributors to minimize potential attack vectors.
  • Regular Security Audits: Conduct periodic security reviews of all installed plugins and themes.
  • Educate Users: Provide training for site administrators and contributors on security best practices and the importance of vigilance against potential threats.
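To make the "Sanitize Inputs" recommendation concrete, and to show in code why the Stored XSS described earlier works, here is an added example written for this article. It is not code from the Quiz and Survey Master plugin or from CleanTalk. It assumes it runs inside WordPress (for instance as a mu-plugin) so that the core escaping functions are available; all function names prefixed qsm_demo_ are hypothetical. The unsafe renderer shows the pattern that lets a contributor-supplied string reach an administrator's browser as markup; the hardened versions escape on output, filter rich text through an explicit allow-list, sanitize on save, and flag submissions whose markup had to be stripped.

```php
<?php
// Added example, not part of the Quiz and Survey Master plugin or CleanTalk.
// Assumes WordPress is loaded (esc_html, wp_kses, sanitize_text_field, ...).
// All qsm_demo_* names are hypothetical.

// Vulnerable pattern: stored quiz text is concatenated straight into the page.
// A contributor-supplied value containing a tag with an event-handler attribute
// is then parsed and executed by whoever views the quiz, including admins.
function qsm_demo_render_question_unsafe( $stored_text ) {
    return '<p class="question-text">' . $stored_text . '</p>';
}

// Hardened pattern 1: escape on output. esc_html() turns <, >, &, " and '
// into entities, so the stored string is displayed literally, never parsed.
function qsm_demo_render_question_safe( $stored_text ) {
    return '<p class="question-text">' . esc_html( $stored_text ) . '</p>';
}

// Hardened pattern 2: when limited formatting is required, use an explicit
// allow-list. <script> and on* attributes are simply not in it, so wp_kses
// removes them regardless of how the input is encoded.
function qsm_demo_allowed_question_html() {
    return array(
        'strong' => array(),
        'em'     => array(),
        'br'     => array(),
        'a'      => array( 'href' => true, 'title' => true, 'rel' => true ),
    );
}

function qsm_demo_render_question_formatted( $stored_text ) {
    $clean = wp_kses( $stored_text, qsm_demo_allowed_question_html() );
    return '<p class="question-text">' . $clean . '</p>';
}

// Sanitize on input as well, before the value reaches the database:
// plain-text fields (titles) lose all tags, rich fields go through the allow-list.
function qsm_demo_sanitize_on_save( $title, $description ) {
    return array(
        'title'       => sanitize_text_field( wp_unslash( $title ) ),
        'description' => wp_kses( wp_unslash( $description ), qsm_demo_allowed_question_html() ),
    );
}

// Detection aid for site owners: if the allow-list filter had to change a
// submitted value, the submission carried markup that should not be there.
// Log it with the acting user so attempts from low-privilege accounts are visible.
// Entities are normalised first because wp_kses also normalises them; the
// comparison is still a heuristic (a hint to review, not proof of an attack).
function qsm_demo_flag_suspicious_submission( $field_name, $raw_value ) {
    $normalized = wp_kses_normalize_entities( $raw_value );
    $filtered   = wp_kses( $normalized, qsm_demo_allowed_question_html() );
    if ( $filtered !== $normalized ) {
        error_log( sprintf(
            'Disallowed markup stripped from quiz field "%s" submitted by user %d',
            $field_name,
            get_current_user_id()
        ) );
        return true;
    }
    return false;
}
```

The key design point is that escaping happens at the point of output, chosen by context (esc_html for text nodes, esc_attr for attribute values, wp_kses for rich text), while input sanitization is a second layer rather than a substitute: a value that was stored before the fix is still rendered safely by the hardened renderer.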

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-4934, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability


ARTYOM K.
CVE-2024-4934 – Quiz and Survey Master – Stored XSS to Admin Account Creation (Contributor+) – POC
