CVE-2024-5968 is a high-severity vulnerability in the Photo Gallery by 10Web WordPress plugin, which has over 200,000 active installations. The flaw is a Stored Cross-Site Scripting (XSS) issue: an authenticated user can inject JavaScript into the plugin's image settings, where it is saved to the database and later executed in the browser of anyone who views the affected gallery, including administrators. Exploited against an administrator, this can lead to admin account takeover, backdoor creation and long-term control over the WordPress site.
CVE | CVE-2024-5968
Plugin | Photo Gallery by 10Web <= 1.8.27
Severity | High
All-time downloads | 18 480 323
Active installations | 200 000+
Publicly published | September 14, 2024
Last updated | September 14, 2024
Researcher | Dmitrii Ignatyev
OWASP Top 10 | A7:2017 Cross-Site Scripting (XSS)
PoC | Yes
Exploit | No
References | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5968
| https://wpscan.com/vulnerability/db73e8d8-feb1-4daa-937e-a73969a93bcc/
Timeline
June 11, 2024 | Testing of the Photo Gallery by 10Web plugin was completed and the vulnerability was found
June 11, 2024 | I contacted the plugin author and provided a PoC of the vulnerability with a description and recommendations for fixing it
September 14, 2024 | Registered CVE-2024-5968 |
Discovery of the Vulnerability
During security testing it was found that the "Alt text" field in the image settings of the Photo Gallery by 10Web plugin is vulnerable to Stored XSS. The plugin neither sanitizes the value when the settings are saved nor escapes it when it is rendered, so an attacker can store arbitrary HTML and JavaScript in the field. Once saved, the script executes whenever an administrator, or any other user, views or interacts with the affected gallery.
Understanding XSS attacks
Cross-Site Scripting (XSS) is a common web vulnerability that occurs when user-controlled input is written into a page without proper sanitization or escaping, allowing an attacker to run script in another user's browser. Stored XSS is the more dangerous variant: the payload is persisted in the site's database and fires every time the affected component is rendered, for every visitor, without the attacker having to lure anyone to a crafted link.
In the case of CVE-2024-5968, a user with the Contributor role or higher can store JavaScript in the "Alt text" field of an image in the Photo Gallery by 10Web plugin. The script runs in the browser of whoever views the gallery, including administrators. Because WordPress administrators are authenticated with a session cookie and hold the right to create users and install plugins, the payload can be used for session hijacking, silent creation of an administrator account, or planting a backdoor that grants the attacker long-term access.
Exploiting the XSS Vulnerability
Exploiting CVE-2024-5968 requires an account that can manage galleries (Contributor or higher). The attacker creates a gallery, stores a payload in an image's "Alt text" field, and waits for a privileged user to view it.
PoC:
1. Log in as a low-privileged user (for example, Contributor) and create a new "Gallery".
2. Open the image settings and set the "Alt text" field to malicious JavaScript, for example: <img src=x onerror=alert(1)>
3. Save the settings. When the gallery is viewed, the alert fires, proving that the stored value is rendered without escaping.
Note on testing: Administrators and Editors hold the unfiltered_html capability and are allowed to put raw HTML and JavaScript into posts, pages and comments, so a payload stored by those roles is expected behaviour, not a vulnerability. Test Stored XSS with a role that lacks unfiltered_html, or disable that capability for the test account.
The risk posed by CVE-2024-5968 is significant given the size of the install base and the fact that the payload runs in the administrator's browser. Successful exploitation can lead to admin account hijacking, backdoor creation and long-term manipulation of the site. For sites that rely on the Photo Gallery by 10Web plugin to manage large galleries, the consequences can include data theft, defacement or malware distribution to visitors.
In real-world scenarios an attacker could use this vulnerability to take over a WordPress site, steal customer data or serve malicious content. High-traffic sites, especially those that accept user-generated content or allow self-registration (and therefore hand out low-privileged accounts), are particularly attractive targets.
Recommendations for Improved Security
To mitigate CVE-2024-5968, WordPress administrators should update the Photo Gallery by 10Web plugin to a release newer than 1.8.27 (the affected range above). Developers must treat every input field, including the "Alt text" field, as untrusted: sanitize the value when it is saved (sanitize_text_field or a stricter filter) and, independently of that, escape it at the point of output with the helper that matches the HTML context (esc_attr inside an attribute, esc_html in a text node). Sanitizing on save alone is not sufficient, because values that survive the filter can still break out of an attribute.
Administrators should review user roles and permissions: limit who holds Contributor-or-higher accounts, since that is the level needed to reach the vulnerable field, and consider removing the unfiltered_html capability from roles that do not strictly need it. A security plugin or web application firewall that inspects form submissions for script-like content adds a further layer of protection. Regular security audits and prompt plugin updates remain the most effective way to close vulnerabilities of this kind.
By taking proactive measures against Stored XSS vulnerabilities like CVE-2024-5968, WordPress site owners can improve their security posture and protect against exploitation. Stay vigilant, stay secure.
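The following is an added example, not code from the Photo Gallery by 10Web plugin or from the author's PoC. It shows the two halves of the fix described above (sanitize on save, escape on output with the context-appropriate helper) and why the second half is required even when the first is present. The page does not show the plugin's own code, so the rendering functions, their names and the way the alt text is placed in the page (once in an attribute, once as a caption text node) are hypothetical. The WordPress helpers are given minimal stand-ins so the file runs with plain `php`; inside WordPress the real esc_attr(), esc_html() and sanitize_text_field() are used.

```php
<?php
// Added example (not the plugin's code). Sink functions and the rendering
// layout are hypothetical; the WordPress helpers below are stand-ins so the
// file runs outside WordPress with `php example.php`.

if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field(string $text): string {
        // Rough approximation of WordPress: drop tags and control characters, trim.
        $text = strip_tags($text);
        $text = preg_replace('/[\x00-\x1F\x7F]/', '', $text);
        return trim($text);
    }
}

// Vulnerable output: the stored value is concatenated into an attribute and
// into a text node without any escaping. The page's PoC payload fires in the
// text-node sink as soon as the gallery is rendered.
function render_image_vulnerable(string $alt): string {
    return '<img src="gallery/1.jpg" alt="' . $alt . '">'
         . '<span class="caption">' . $alt . '</span>';
}

// Hardened output: escape at the sink, choosing the helper for the context.
function render_image_hardened(string $alt): string {
    return '<img src="gallery/1.jpg" alt="' . esc_attr($alt) . '">'
         . '<span class="caption">' . esc_html($alt) . '</span>';
}

// Hardened input: sanitize when the image settings form is saved, before the
// value reaches the database. This complements, and does not replace, escaping.
function save_alt_text(string $submitted): string {
    return sanitize_text_field($submitted);
}

// Crude audit check for values already in the database: anything that still
// looks like a tag, an event handler or a javascript: URL is worth a look.
function looks_like_markup(string $stored): bool {
    return (bool) preg_match('/<\s*\w|on\w+\s*=|javascript:/i', $stored);
}

// Constructed payloads: the page's PoC, and an attribute break-out that uses
// no new tag and therefore survives tag stripping.
$payloads = [
    '<img src=x onerror=alert(1)>',
    '" onload="alert(1)',
];

foreach ($payloads as $p) {
    echo "payload:    $p\n";
    echo "vulnerable: " . render_image_vulnerable($p) . "\n";
    echo "hardened:   " . render_image_hardened($p) . "\n";
    $stored = save_alt_text($p);
    echo "after save: " . var_export($stored, true)
       . (looks_like_markup($stored) ? '  (still suspicious)' : '  (clean)') . "\n\n";
}
```

The second payload is the reason both halves are needed: sanitize_text_field removes the `<img ...>` tag of the first payload outright, but `" onload="alert(1)` contains no tag, passes the filter, and in the vulnerable renderer closes the alt attribute and adds an event handler. Only esc_attr at the output sink neutralizes it. On the administrative side, WordPress honours `define('DISALLOW_UNFILTERED_HTML', true);` in wp-config.php, which removes the unfiltered_html capability from every role; that does not fix this plugin bug, but it is the setting to use when testing whether a stored payload from a given role is a genuine vulnerability.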
Dmitrii I.