In the realm of web security, WordPress plugins often serve as both tools for enhancement and potential entry points for malicious activities. Recently, a significant vulnerability was uncovered in the Ajax Search Lite plugin, which is widely used to enhance search functionality on WordPress sites. This flaw, identified as CVE-2024-7084, allows for Stored Cross-Site Scripting (XSS) attacks that can lead to account hijacking and other severe security breaches.
CVE | CVE-2024-7084 |
Plugin | Ajax Search Lite < 4.12.1 |
Critical | Low |
All Time | 1 507 997 |
Active installations | 80 000+ |
Publicly Published | August 1, 2024 |
Last Updated | August 1, 2024 |
Researcher | Artyom Krugov |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7084/ https://wpscan.com/vulnerability/0d38bf4d-de6a-49f8-be69-fa483fa61bb7/ |
Plugin Security Certification by CleanTalk | |
Logo of the plugin |
Timeline
June 16, 2024 | Plugin testing and vulnerability detection in the Ajax Search Lite have been completed |
June 16, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
August 1, 2024 | Registered CVE-2024-7084 |
Discovery of the Vulnerability
The discovery of CVE-2024-7084 highlights the persistent issue of security flaws in popular plugins. During routine testing, security researchers found that the Ajax Search Lite plugin is susceptible to Stored XSS attacks. This vulnerability allows attackers to inject malicious scripts into the plugin’s settings, which are then executed whenever an administrator accesses the affected area. The flaw was found in the override_search_form parameter, where malicious payloads could be inserted and saved.
Understanding of Stored XSS attack’s
Stored XSS, unlike its reflective counterpart, involves the injection of malicious scripts into a website’s database. These scripts are then served to users whenever they visit the affected pages. In the context of , such vulnerabilities can be particularly dangerous. For instance, if an attacker can inject malicious code into a plugin’s settings, they can execute this code whenever the admin interface is accessed, potentially stealing cookies, session tokens, or even gaining full control over the administrator’s account.
Exploiting the Stored XSS Vulnerability
To exploit the CVE-2024-7084 vulnerability, an attacker needs to follow these steps:
POC:
Access the Ajax Search Lite Control Panel: The attacker navigates to the plugin’s control panel.
Intercept the Request: While saving the plugin settings, the attacker intercepts the request.
Insert the Payload: The attacker injects the malicious payload into the
override_search_form
parameter.Save the Settings: The modified settings are saved, embedding the malicious script into the plugin’s configuration.
PoC Payload: 123″test='”><script></script><img+src=x+onerror=alert(/XSS/)>
____
The risks associated with this vulnerability are high, primarily because it can be used to create a backdoor into the admin account of a WordPress site. Once exploited, an attacker could potentially take over the entire site, steal sensitive user data, and spread the attack further to visitors of the site.
Recommendations for Improved Security
To mitigate this vulnerability and enhance overall site security, it is recommended that:
- Hijack Administrator Accounts: By executing malicious scripts, attackers can steal session tokens or cookies, allowing them to take over administrator accounts.
- Compromise User Data: Accessing admin privileges could lead to unauthorized access to sensitive user data stored within the WordPress site.
- Spread Malware: The attacker can inject additional scripts to distribute malware to site visitors, leading to a broader security breach.
- Damage Reputation: A compromised site can suffer significant reputational damage, leading to loss of trust among users and visitors.
By taking proactive measures to address XSS vulnerabilities like CVE-2024-7084, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #XSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
ARTYOM K.