The Secure Copy Content Protection plugin for WordPress is designed to prevent unauthorized copying of website content. However, during a recent security audit, a severe vulnerability—CVE-2024-6138—was discovered. This vulnerability allows Editor-level users to execute Stored Cross-Site Scripting (XSS) attacks, potentially leading to the creation of backdoors.
| CVE | CVE-2024-5573 |
| Plugin | Secure Copy Content Protection < 4.0.9 |
| Critical | Low |
| All Time | 1 605 409 |
| Active installations | 20 000+ |
| Publicly Published | June 20, 2024 |
| Last Updated | June 20, 2024 |
| Researcher | Artyom Krugov |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6138/ https://wpscan.com/vulnerability/9ef2a8d8-39d5-45d3-95de-e7bac4b7382d/ |
| Plugin Security Certification by CleanTalk |  |
| Logo of the plugin |  |
Timeline
| May 22, 2024 | Plugin testing and vulnerability detection in the Secure Copy Content Protection have been completed |
| May 22, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| June 20, 2024 | Registered CVE-2024-6138 |
Discovery of the Vulnerability
The vulnerability in Secure Copy Content Protection was uncovered during routine security testing. Researchers found that the plugin’s integration settings, specifically the ays_mailchimp_username and ays_mailchimp_api_key parameters, failed to sanitize user inputs properly. This oversight allows malicious actors to inject and store harmful scripts within these fields..
Understanding of Stored XSS attack’s
Cross-Site Scripting (XSS) is a prevalent security issue in web applications, including WordPress. XSS vulnerabilities arise when an application includes untrusted data in a web page without proper validation or escaping. This allows attackers to execute arbitrary scripts in the context of the victim’s browser. In WordPress, XSS vulnerabilities often emerge from plugins or themes that do not adequately sanitize user inputs.
In the case of Secure Copy Content Protection, the XSS vulnerability is stored, meaning the malicious script is permanently stored on the target server, such as within a database, and is executed when a user visits the affected page. This type of XSS can have severe consequences, including session hijacking, defacement, and in this scenario, account takeover through backdoor creation.
Exploiting the Stored XSS Vulnerability
To exploit the CVE-2024-6138 vulnerability in Secure Copy Protection, an attacker needs to follow these steps:
POC:
Go to the Integrations column and to the parameters: ays_mailchimp_username ays_mailchimp_api_key.You can insert payload XSS into these parameters
PoC payload: “><script></script><img src=x onerror=alert(document.domain)>
____
The potential risks associated with this vulnerability are extensive. Attackers could leverage this flaw to:
- Create Backdoors: Persistently access compromised accounts even after detection.
- Hijack Sessions: Steal session cookies and hijack active user sessions.
- Deface Websites: Alter the appearance of the site or display unwanted content.
- Steal Sensitive Data: Access confidential user data or administrative functions.
Real-world scenarios might include an attacker gaining administrative privileges, altering critical site settings, or spreading the exploit to other users who interact with the compromised site.
Recommendations for Improved Security
To mitigate the risks associated with CVE-2024-6138, the following steps are recommended:
- Update the Plugin: Ensure that the Easy Table of Contents plugin is updated to the latest version, where the vulnerability is patched.
- Sanitize Inputs: Implement robust input validation and sanitization to prevent malicious code from being accepted.
- Restrict Unfiltered HTML: Limit the use of the
unfiltered_htmlcapability to trusted users only, minimizing the risk of XSS exploits. - Regular Security Audits: Conduct periodic security audits of plugins and themes to identify and address vulnerabilities proactively.
- Educate Users: Train users on the importance of security best practices, particularly those with elevated privileges.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-6138, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
ARTYOM K.
