In the realm of web security, WordPress plugins often serve as both tools for enhancement and potential entry points for malicious activities. Recently, a significant vulnerability was uncovered in the Ajax Search Lite plugin, which is widely used to enhance search functionality on WordPress sites. This flaw, identified as CVE-2024-7084, allows for Stored Cross-Site Scripting (XSS) attacks that can lead to account hijacking and other severe security breaches.

CVECVE-2024-7084
PluginAjax Search Lite < 4.12.1
CriticalLow
All Time1 507 997
Active installations80 000+
Publicly PublishedAugust 1, 2024
Last UpdatedAugust 1, 2024
ResearcherArtyom Krugov
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7084/
https://wpscan.com/vulnerability/0d38bf4d-de6a-49f8-be69-fa483fa61bb7/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

June 16, 2024Plugin testing and vulnerability detection in the Ajax Search Lite have been completed
June 16, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
August 1, 2024Registered CVE-2024-7084

Discovery of the Vulnerability

The discovery of CVE-2024-7084 highlights the persistent issue of security flaws in popular plugins. During routine testing, security researchers found that the Ajax Search Lite plugin is susceptible to Stored XSS attacks. This vulnerability allows attackers to inject malicious scripts into the plugin’s settings, which are then executed whenever an administrator accesses the affected area. The flaw was found in the override_search_form parameter, where malicious payloads could be inserted and saved.

Understanding of Stored XSS attack’s

Stored XSS, unlike its reflective counterpart, involves the injection of malicious scripts into a website’s database. These scripts are then served to users whenever they visit the affected pages. In the context of , such vulnerabilities can be particularly dangerous. For instance, if an attacker can inject malicious code into a plugin’s settings, they can execute this code whenever the admin interface is accessed, potentially stealing cookies, session tokens, or even gaining full control over the administrator’s account.

Exploiting the Stored XSS Vulnerability

To exploit the CVE-2024-7084 vulnerability, an attacker needs to follow these steps:

POC:

Access the Ajax Search Lite Control Panel: The attacker navigates to the plugin’s control panel.

Intercept the Request: While saving the plugin settings, the attacker intercepts the request.

Insert the Payload: The attacker injects the malicious payload into the override_search_form parameter.

Save the Settings: The modified settings are saved, embedding the malicious script into the plugin’s configuration.

PoC Payload: 123″test='”><script></script><img+src=x+onerror=alert(/XSS/)>

____

The risks associated with this vulnerability are high, primarily because it can be used to create a backdoor into the admin account of a WordPress site. Once exploited, an attacker could potentially take over the entire site, steal sensitive user data, and spread the attack further to visitors of the site.

Recommendations for Improved Security

To mitigate this vulnerability and enhance overall site security, it is recommended that:

  • Hijack Administrator Accounts: By executing malicious scripts, attackers can steal session tokens or cookies, allowing them to take over administrator accounts.
  • Compromise User Data: Accessing admin privileges could lead to unauthorized access to sensitive user data stored within the WordPress site.
  • Spread Malware: The attacker can inject additional scripts to distribute malware to site visitors, leading to a broader security breach.
  • Damage Reputation: A compromised site can suffer significant reputational damage, leading to loss of trust among users and visitors.

By taking proactive measures to address XSS vulnerabilities like CVE-2024-7084, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #XSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

ARTYOM K.
CVE-2024-7084 – Ajax Search Lite – Stored XSS – POC

Leave a Reply

Your email address will not be published. Required fields are marked *