In the ever-evolving landscape of web security, vulnerabilities within plugins can pose significant threats to websites, particularly those built on widely used platforms like WordPress. One such vulnerability recently discovered is CVE-2024-6025, which affects the Quiz and Survey Master plugin. This flaw allows for Stored Cross-Site Scripting (XSS) attacks, potentially leading to the creation of admin accounts through malicious JavaScript code. With over 40,000 active installations, the ramifications of this vulnerability are profound, necessitating immediate attention and remediation.

CVE: CVE-2024-6025
Plugin: Quiz and Survey Master < 9.0.5
Critical: High
All Time: 2 411 320
Active installations: 40 000+
Publicly Published: June 27, 2024
Last Updated: June 27, 2024
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6025
Reference: https://wpscan.com/vulnerability/15abc7dd-95b1-4dad-ba25-eb65105d3925/

Timeline

June 12, 2024: Plugin testing and vulnerability detection in the Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker have been completed.
June 12, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing.
June 27, 2024: Registered CVE-2024-6025.

Discovery of the Vulnerability

The discovery of CVE-2024-6025 came to light during routine security testing of the Quiz and Survey Master plugin. Security researchers found that contributors could embed malicious JavaScript code within new posts. This stored XSS vulnerability could be exploited to escalate privileges, culminating in the creation of unauthorized admin accounts. The specific payload used to demonstrate this flaw is: 123" asdasd=' onmouseover=alert(1)//.

Understanding Stored XSS Attacks

Cross-Site Scripting (XSS) is a prevalent vulnerability in web applications, including WordPress, where malicious scripts are injected into otherwise benign and trusted websites. When these scripts are executed in the context of the victim’s browser, they can perform unauthorized actions such as stealing cookies, session tokens, or other sensitive information, and even altering the content of web pages. Real-world examples of XSS attacks include stealing user credentials, redirecting users to malicious sites, and, as in the case of CVE-2024-6025, creating new administrative accounts.

Exploiting the Stored XSS Vulnerability

To exploit this vulnerability, an attacker needs to follow these steps:

POC:

123" asdasd=' onmouseover=alert(1)//


The potential risks associated with CVE-2024-6025 are severe. If exploited, this vulnerability could lead to:

  • Unauthorized admin account creation: Attackers can gain full control of the website.
  • Data breaches: Sensitive user information could be accessed and exfiltrated.
  • Website defacement: Malicious actors could alter the website’s content to distribute misinformation or malware.
  • Further exploitation: Compromised sites could be used to launch additional attacks on visitors or other websites.

Recommendations for Improved Security

To mitigate the risks posed by CVE-2024-6025, the following security measures are recommended:

  • Update the Plugin: Ensure the Quiz and Survey Master plugin is updated to the latest version, where this vulnerability is patched.
  • Sanitize and Validate Inputs: Implement rigorous input sanitization and validation to prevent the injection of malicious scripts.
  • Use Security Plugins: Employ security plugins that offer XSS protection and regularly scan for vulnerabilities.
  • Restrict User Permissions: Limit the permissions of contributors and other non-admin users to minimize the risk of exploitation.
  • Regular Security Audits: Conduct regular security audits and penetration tests to identify and address vulnerabilities promptly.
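
The payload above works because a raw double quote ends the attribute the contributor's text lands in. The following added example (not the plugin's code; the `render_*` functions are a hypothetical render pattern) contrasts an unescaped attribute sink with one that encodes the value for the attribute context, and verifies the hardened form by parsing it back and checking that the advisory's payload survives only as inert text:

```python
import html
from html.parser import HTMLParser

# Payload quoted in the advisory (constructed copy; the plugin's real sink is not modelled).
ADVISORY_PAYLOAD = '123" asdasd=\' onmouseover=alert(1)//'


def render_unescaped(title: str) -> str:
    """Hypothetical vulnerable pattern: contributor text dropped straight into a
    double-quoted attribute, so a '"' in the input terminates the value early."""
    return f'<input type="text" name="quiz_title" value="{title}">'


def render_escaped(title: str) -> str:
    """Hardened pattern: encode &, <, >, '"' and "'" before the value reaches the
    attribute. quote=True is the part that matters here; WordPress's esc_attr()
    performs the same job for plugin code."""
    return f'<input type="text" name="quiz_title" value="{html.escape(title, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> tag the parser emits."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag: str, attrs: list) -> None:
        if tag == "input" and not self.attrs:
            self.attrs = dict(attrs)  # values arrive already entity-decoded


def parsed_input_attrs(fragment: str) -> dict:
    """Parse the fragment and return the <input> attributes as the parser saw them."""
    parser = _InputAttrs()
    parser.feed(fragment)
    parser.close()
    return parser.attrs


def roundtrips(title: str) -> bool:
    """True when the escaped rendering parses back to exactly the three intended
    attributes, with the full original text inside value= and nothing injected."""
    attrs = parsed_input_attrs(render_escaped(title))
    return attrs == {"type": "text", "name": "quiz_title", "value": title}


if __name__ == "__main__":
    print(render_unescaped(ADVISORY_PAYLOAD))  # the payload's quotes now shape the markup
    print(render_escaped(ADVISORY_PAYLOAD))    # the quotes are entities; the text stays data
    print("escaped rendering round-trips:", roundtrips(ADVISORY_PAYLOAD))
```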

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-6025, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

DMITRII I.