CVE-2024-5578 exposes a critical Stored Cross-Site Scripting (XSS) vulnerability in the Table of Contents Plus plugin, widely used in WordPress for creating table of contents sections within posts and pages. With over 300,000 installations, this plugin is a valuable tool for content-heavy websites. However, this vulnerability allows attackers to embed malicious JavaScript code within the plugin’s settings, specifically in the “Hide text” field. If exploited, this vulnerability can lead to backdoor creation, admin account takeover, and long-term control of the WordPress site.
| Field | Value |
|---|---|
| CVE | CVE-2024-5578 |
| Plugin | Table of Contents Plus <= 2408 |
| Criticality | High |
| All Time (downloads) | 3 456 689 |
| Active installations | 300 000+ |
| Publicly Published | October 15, 2024 |
| Last Updated | October 15, 2024 |
| Researcher | Dmitrii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5578 ; https://wpscan.com/vulnerability/641e4fc3-4214-4c2e-8245-15e9dcdd37b4/ |
| Plugin Security Certification by CleanTalk | |
Timeline

| Date | Event |
|---|---|
| May 15, 2024 | Plugin testing and vulnerability detection in Table of Contents Plus were completed |
| May 15, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| October 15, 2024 | Registered CVE-2024-5578 |
Discovery of the Vulnerability
The vulnerability was discovered during security testing when it was observed that the “Hide text” field in the Table of Contents Plus settings lacks proper input sanitization. This flaw permits attackers to inject harmful JavaScript, which executes whenever a privileged user, such as an admin, interacts with a post containing the table of contents.
Understanding XSS Attacks
Cross-Site Scripting (XSS) vulnerabilities occur when applications fail to sanitize user input, enabling attackers to inject malicious scripts into a webpage. Stored XSS, as found in CVE-2024-5578, is particularly dangerous because the injected code is saved in the site’s database and triggered whenever the affected element is accessed.
In WordPress, XSS vulnerabilities are significant because they can lead to account hijacking, data theft, and privilege escalation. For instance, in the Table of Contents Plus plugin, attackers can inject JavaScript into the “Hide text” field, which executes when the table of contents is displayed. Similar XSS vulnerabilities in WordPress plugins have led to compromised sites, data breaches, and even malware distribution.
Exploiting the XSS Vulnerability
To exploit CVE-2024-5578, an attacker with editor-level permissions needs to modify the “Hide text” field in the plugin’s settings with a payload such as the one in the PoC below:
PoC:
Create a new post with two or more headings. Go to the plugin settings and change the "Hide text" field to malicious JS code (eval() etc.), for example `<img src=x onerror=alert(1)>`, then click Save Settings. (Admins and editors are allowed to use JS in posts/pages/comments/etc., so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles.)
The risks associated with CVE-2024-5578 are substantial. A successful exploitation can result in admin account hijacking, allowing the attacker to gain full control over the site. High-traffic websites using Table of Contents Plus for structured content could be particularly vulnerable, as attackers may use this access to alter site content, redirect visitors to malicious sites, or steal sensitive information.
Recommendations for Improved Security
To mitigate the risks posed by CVE-2024-5578, WordPress administrators should delete the Table of Contents Plus plugin. Developers must implement proper input sanitization for fields such as the “Hide text” field to prevent the insertion of JavaScript and other potentially harmful code.
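As an added illustration of the fix recommended above (example code written for this post, not the plugin's own source), the following PHP contrasts the unsafe store-and-echo pattern with a hardened version that checks capability, sanitizes on save and escapes on output. The option name `toc_example_hide_text`, the settings group `toc_example_options`, the nonce action and all `toc_example_*` function names are assumptions; `register_setting()`, `sanitize_text_field()`, `esc_html()`, `current_user_can()` and `check_admin_referer()` are standard WordPress core functions.

```php
<?php
// Added example, not code from Table of Contents Plus. Option, group and
// function names (toc_example_*) are assumptions chosen for illustration.

// --- Vulnerable pattern: the label is stored and echoed without any filtering.
function toc_example_save_unsafe( array $post ) {
    update_option( 'toc_example_hide_text', $post['hide_text'] ); // no sanitization
}

function toc_example_render_unsafe() {
    $text = get_option( 'toc_example_hide_text', 'hide' );
    // Raw output: a stored value such as <img src=x onerror=...> runs in the
    // browser of every user who views a post with a table of contents.
    echo '<a href="#" class="toc_toggle">' . $text . '</a>';
}

// --- Hardened pattern: capability check, nonce, sanitize on save, escape on output.
function toc_example_sanitize_hide_text( $value ) {
    // sanitize_text_field() strips tags and stray "<", so an injected
    // <img src=x onerror=alert(1)> collapses to an empty string; fall back
    // to the default label in that case.
    $clean = sanitize_text_field( (string) $value );
    return '' === $clean ? 'hide' : $clean;
}

function toc_example_register_settings() {
    // A registered sanitize_callback is run by WordPress on every
    // update_option() for this option, not only when the settings form is used.
    register_setting(
        'toc_example_options',
        'toc_example_hide_text',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'toc_example_sanitize_hide_text',
            'default'           => 'hide',
        )
    );
}
add_action( 'admin_init', 'toc_example_register_settings' );

function toc_example_save_safe( array $post ) {
    // Plugin-wide settings should require manage_options (administrators),
    // not editor-level rights.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Reject cross-site form posts (CSRF) against the settings page.
    check_admin_referer( 'toc_example_save' );
    // Explicit sanitization here is defense in depth on top of the
    // registered callback; the function is idempotent so running it twice is safe.
    update_option(
        'toc_example_hide_text',
        toc_example_sanitize_hide_text( $post['hide_text'] ?? '' )
    );
}

function toc_example_render_safe() {
    $text = get_option( 'toc_example_hide_text', 'hide' );
    // Escape at output time as well, so a value that reached the database by
    // another route (direct DB write, an older plugin version) is still inert.
    echo '<a href="#" class="toc_toggle">' . esc_html( $text ) . '</a>';
}
```

If the label genuinely needs a little markup (for instance `<strong>`), replace `sanitize_text_field()` with `wp_kses()` and an explicit allowlist rather than echoing raw HTML; the output-time `esc_html()` (or a matching `wp_kses()`) stays either way. The `manage_options` check addresses the editor-level path in the PoC: a user who lacks `unfiltered_html` must never be able to store markup that is later rendered unescaped for administrators.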
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-5578, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability
Dmitrii I.