The digital landscape of WordPress plugins is fraught with security vulnerabilities that can jeopardize the integrity and safety of websites. A critical security flaw, CVE-2024-6487, has recently been uncovered in the Inline Related Posts plugin. It allows Stored Cross-Site Scripting (XSS) that can be used to plant a JavaScript backdoor.

CVE: CVE-2024-6487
Plugin: Inline Related Posts < 3.8.0
Critical: High
All Time: 1 426 000
Active installations: 100 000+
Publicly Published: July 15, 2024
Last Updated: July 15, 2024
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6487
https://wpscan.com/vulnerability/eeec9608-a7b2-4926-bac2-4c81a65dd473/

Timeline

July 3, 2024: Plugin testing and vulnerability detection in Inline Related Posts were completed
July 3, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing it
July 15, 2024: Registered CVE-2024-6487

Discovery of the Vulnerability

The vulnerability was discovered during routine security assessments of the Inline Related Posts plugin. This particular issue enables Stored XSS: malicious JavaScript is saved into the plugin's settings and is later rendered unescaped, potentially allowing attackers to execute arbitrary script on behalf of the editor who saved it.

Understanding Stored XSS attacks

Cross-Site Scripting (XSS) is a common web security vulnerability that allows attackers to inject malicious scripts into content viewed by other users. In WordPress, this can manifest in plugins where user input, such as in settings or posts, is not properly sanitized. Real-life examples include vulnerabilities in other plugins where XSS led to unauthorized administrative access or data theft.

Exploiting the Stored XSS Vulnerability

For CVE-2024-6487, the exploitation involves altering the “target” field within the plugin’s settings so that malicious JavaScript executes when the rendered element is hovered over by a cursor. The PoC (Proof of Concept) for this vulnerability demonstrates how an attacker could insert a script like the following:

PoC:

Change the “target” field in the settings of Inline Related Posts to malicious JS code (eval() etc.), for example:

123" onmouseover=alert(10)//

Then click Save Settings. (Admins and editors are allowed to use JS in posts/pages/comments/etc., so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles.)
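The attribute breakout in the PoC above, and the two-layer fix a plugin author would apply (validate on save, escape on output), as an added PHP example that is not the plugin's own code; the option name irp_demo_target and the irp_demo_* function names are hypothetical:

```php
<?php
// Added example (not the Inline Related Posts code). Option and function
// names are hypothetical; WordPress APIs used are real (get_option,
// register_setting, esc_attr, esc_url, esc_html).

// VULNERABLE pattern: the saved "target" value is echoed straight into an
// HTML attribute. A stored value such as
//   123" onmouseover=alert(10)//
// closes target="..." and appends an event handler, so the script runs in
// the browser of whoever hovers over the rendered link.
function irp_demo_render_link_vulnerable( $url, $text ) {
    $target = get_option( 'irp_demo_target', '_self' ); // hypothetical option
    return '<a href="' . $url . '" target="' . $target . '">' . $text . '</a>';
}

// FIX, layer 1: validate on save. "target" is an enumerated attribute, so
// reject anything outside the allowlist instead of trying to clean it.
function irp_demo_sanitize_target( $value ) {
    $allowed = array( '_self', '_blank', '_parent', '_top' );
    return in_array( $value, $allowed, true ) ? $value : '_self';
}

add_action( 'admin_init', function () {
    register_setting( 'irp_demo_settings', 'irp_demo_target', array(
        'type'              => 'string',
        'sanitize_callback' => 'irp_demo_sanitize_target',
        'default'           => '_self',
    ) );
} );

// FIX, layer 2: escape on output regardless (defence in depth: the option
// could be written by other code or a migration). esc_attr() encodes
// " ' < > &, so a stored value can no longer break out of the attribute.
function irp_demo_render_link_hardened( $url, $text ) {
    $target = irp_demo_sanitize_target( get_option( 'irp_demo_target', '_self' ) );
    return '<a href="' . esc_url( $url ) . '" target="' . esc_attr( $target ) . '">'
         . esc_html( $text ) . '</a>';
}
```

With the hardened version, the PoC value is replaced by "_self" at save time, and even a value that reaches the option store by another path is rendered as inert text inside the attribute.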


The risk associated with this vulnerability is high, given that it can lead to unauthorized access and control of the WordPress site. Attackers could leverage this access to redirect visitors, steal cookies, harvest credentials, or even deploy further malware.

Recommendations for Improved Security

To mitigate this vulnerability:

  • Update the Inline Related Posts plugin to the latest version where the issue has been addressed.
  • Regularly audit and update all WordPress plugins and themes.
  • Implement strict content security policies that prevent the execution of unauthorized scripts.
  • Educate users and administrators about the risks of XSS and the importance of using secure plugins.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-6487, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.


ARTYOM K.
CVE-2024-6487 – Inline Related Posts – Stored XSS to JS Backdoor Creation – POC
