The digital world is rife with threats, and the latest discovery in the WordPress plugin landscape underscores this reality. “Shortcodes Ultimate Pro,” a popular plugin with over 500,000 installations, has been found vulnerable to a severe security flaw, CVE-2024-6766. This vulnerability exposes websites to significant risks, impacting both their integrity and the safety of user data.

CVE: CVE-2024-6766
Plugin: Shortcodes Ultimate Pro < 7.2.1
Criticality: High
All Time (downloads): 21 406 000
Active installations: 500 000+
Publicly Published: July 15, 2024
Last Updated: July 15, 2024
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6766
https://wpscan.com/vulnerability/77bb1dcf-4e84-497a-955e-f3c0b649ad1c/

Timeline

June 11, 2024: Plugin testing and vulnerability detection in the Shortcodes Ultimate Pro have been completed
June 11, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
July 15, 2024: Registered CVE-2024-6766

Discovery of the Vulnerability

The flaw was uncovered during routine security assessments aimed at bolstering defenses against cyber threats. It manifests as a Stored Cross-Site Scripting (XSS) vulnerability, a common but dangerous class of flaw that can lead to unauthorized administrative access and potentially catastrophic consequences for website operations.

Understanding Stored XSS Attacks

Stored XSS attacks are particularly insidious because they allow the injection of malicious scripts into web pages that are subsequently saved and displayed to other users. In WordPress, where plugins extend functionality, such vulnerabilities can severely undermine the security of a site. Real-world examples include instances where attackers have manipulated these flaws to steal cookies, hijack sessions, or redirect visitors to malicious websites.

Exploiting the Stored XSS Vulnerability

In the case of Shortcodes Ultimate Pro, the vulnerability can be exploited by embedding malicious JavaScript in the ‘btn_background’ attribute of the [su_plan] shortcode. When a user with sufficient privileges interacts with this tainted element, the script executes, paving the way for unauthorized actions such as admin account creation.

POC:

[su_plan name="1" price="1" before="1" after="1" period="1" background="1" color="1" icon_color="1" icon_size="128" btn_url="1" btn_text="1" btn_background='123"onmouseover="alert(1)//"' btn_color="1" class="1"]1[/su_plan]
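As an added example (not the plugin's own code), a minimal PHP renderer shows why a shortcode attribute written into HTML verbatim is a stored XSS sink, beside a hardened renderer that validates and escapes the value. esc_attr() and sanitize_hex_color() are WordPress core helpers (stand-ins are defined so the file runs outside WordPress); the render_* functions and the span markup are assumptions.

```php
<?php
// Added example, not the plugin's own code: how an unescaped shortcode
// attribute becomes a stored XSS sink, and how validating and escaping the
// value at output neutralises it. The render_* functions are hypothetical.

// Stand-ins so this file runs outside WordPress; inside WordPress the real
// esc_attr() and sanitize_hex_color() core functions are used instead.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('sanitize_hex_color')) {
    function sanitize_hex_color($color) {
        // Core returns the colour for #rgb/#rrggbb and null otherwise.
        return preg_match('/^#([0-9A-Fa-f]{3}){1,2}$/', $color) ? $color : null;
    }
}

// Vulnerable pattern: the attribute value is concatenated into the style
// attribute verbatim, so a value containing a double quote terminates
// style="..." and whatever follows becomes a new HTML attribute.
function render_plan_button_vulnerable(array $atts) {
    return '<span class="su-plan-btn" style="background:' . $atts['btn_background'] . '">'
        . $atts['btn_text'] . '</span>';
}

// Hardened pattern: only accept a value in the format the attribute is meant
// to hold (a hex colour), then escape everything written into HTML anyway.
function render_plan_button_hardened(array $atts) {
    $bg = (string) sanitize_hex_color($atts['btn_background']); // '' when invalid
    $style = $bg !== '' ? 'background:' . esc_attr($bg) : '';
    return '<span class="su-plan-btn" style="' . $style . '">'
        . esc_attr($atts['btn_text']) . '</span>';
}

// Constructed input: the attribute values as the shortcode parser hands them
// to the renderer, using the btn_background value from the advisory's PoC.
$atts = [
    'btn_text'       => 'Buy',
    'btn_background' => '123"onmouseover="alert(1)//"',
];

echo "vulnerable: ", render_plan_button_vulnerable($atts), PHP_EOL;
echo "hardened:   ", render_plan_button_hardened($atts), PHP_EOL;

// A benign colour passes the whitelist unchanged.
$atts['btn_background'] = '#336699';
echo "hardened:   ", render_plan_button_hardened($atts), PHP_EOL;
```

The vulnerable output carries an onmouseover attribute; the hardened output drops the invalid colour entirely and keeps the visible text escaped.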


The risks associated with this vulnerability are profound. Beyond unauthorized access, attackers could potentially escalate privileges, extract sensitive data, plant backdoors, or spread malware to users. In real-world scenarios, such breaches could lead to data theft, website defacement, or even a complete takeover of the website’s administrative functions.

Recommendations for Improved Security

To mitigate this vulnerability and enhance overall security, users of the Shortcodes Ultimate Pro plugin should:

  1. Immediately update the plugin to the latest version if a security patch is available.
  2. Regularly review and sanitize inputs across all forms and content blocks to prevent script injections.
  3. Implement a robust Content Security Policy (CSP) that restricts the sources from which scripts can be loaded.
  4. Educate users with administrative privileges about the risks of XSS and the importance of secure coding practices.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-6766, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability


ARTYOM K.
CVE-2024-6766 – Shortcodes Ultimate Pro – Stored XSS to Admin Account Creation (Contributor+) – POC
