The WordPress ecosystem offers a vast array of plugins to enhance website functionality, but it also opens the door to potential security vulnerabilities. One such vulnerability, identified as CVE-2024-6850, has been discovered in the “Carousel Slider” plugin, which is widely used for creating customizable, responsive carousel sliders. This vulnerability allows attackers to execute stored cross-site scripting (XSS) attacks, which could lead to the creation of malicious administrator accounts and full site compromise.
CVE | CVE-2024-3901 |
Plugin | Carousel Slider < 2.2.14 |
Critical | Medium |
All Time | 975 356 |
Active installations | 40 000+ |
Publicly Published | June 20, 2024 |
Last Updated | June 20, 2024 |
Researcher | Artyom Krugov |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6850/ https://wpscan.com/vulnerability/c06995cb-1685-4751-811f-aead52a597a7/ |
Plugin Security Certification by CleanTalk | |
Logo of the plugin |
Timeline
June 20, 2024 | Plugin testing and vulnerability detection in the Carousel Slider have been completed |
June 20, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
August 28, 2024 | Registered CVE-2024-6850 |
Discovery of the Vulnerability
During a routine security audit of the “Carousel Slider” plugin, researchers uncovered a serious flaw in the way user input is handled in certain fields. The vulnerability was specifically found in the Hero Carousel feature, where the input fields for “Spacing/Gutter” and “Description of Spacing/Gutter” failed to properly sanitize user input. This oversight allows attackers to inject malicious scripts that can execute when an unsuspecting administrator views the affected page.
Understanding of Stored XSS attack’s
Stored XSS attacks are particularly dangerous within WordPress because they allow attackers to inject malicious scripts into web pages viewed by other users. These scripts can steal cookies, hijack sessions, or redirect victims to malicious websites. This type of vulnerability is notorious within web applications and has been exploited in numerous plugins, underscoring the need for rigorous input sanitization.
Exploiting the Stored XSS Vulnerability
To exploit CVE-2024-6850, follow these steps:
POC:
- Navigate to the Carousel Slider panel within the WordPress admin dashboard.
- Add a new Hero Carousel by clicking on the “Add Hero Carousel” button.
- Click the “Add Slide” button to create a new slide within the carousel.
- Switch to the “Slide Style” tab and locate the “Spacing/Gutter” and “Description of Spacing/Gutter” fields.
- Insert the following payload into these fields:
7777"onmouseover='alert(123)โ
.Set the Content Animation option to “Fade in Down” for the slide.Save the vulnerable slider using the provided shortcode.____
Once these steps are completed, the malicious script will be executed whenever an administrator interacts with the slider, potentially leading to account hijacking or the creation of backdoor access
Recommendations for Improved Security
To mitigate this vulnerability, users are urged to update the Genesis Blocks plugin immediately upon release of a fix. Additionally, site administrators should regularly audit their plugins and themes for updates and potential vulnerabilities, employ robust input validation, and consider using web application firewalls (WAFs) to detect and block malicious input.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-6850, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #Vulnerability
Use CleanTalk solutions to improve the security of your website
ARTYOM K.