In the realm of WordPress plugins, security vulnerabilities can pose significant threats to website integrity and user safety. One such vulnerability, identified as CVE-2024-7716, has been discovered in the GS Logo Slider Lite plugin. This Stored Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious JavaScript code, leading to the creation of a backdoor that can compromise administrator accounts and overall site security.
CVE | CVE-2024-7716 |
Plugin | Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation < 3.6.8 |
Critical | Low |
All Time | 612 537 |
Active installations | 30 000+ |
Publicly Published | June 28, 2024 |
Last Updated | August 20, 2024 |
Researcher | Artyom Krugov |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7716/ https://wpscan.com/vulnerability/cfa67c43-6f09-43f5-9fbe-32a98a82f548/ |
Timeline
June 28, 2024 | Plugin testing and vulnerability detection in the Inline Related Posts have been completed |
August 20, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
August 20, 2024 | Registered CVE-2024-7716 |
Discovery of the Vulnerability
The vulnerability was uncovered during a thorough security assessment of the GS Logo Slider Lite plugin. It was found that the plugin fails to properly sanitize user input, particularly in the “Logo Shortcut” section of the GS Logos panel. This oversight allows malicious scripts to be stored and executed, which could result in unauthorized access to the site.
Understanding Stored XSS Attacks
Stored XSS occurs when an attacker is able to inject and store malicious scripts in a website’s persistent storage, such as a database. These scripts are then executed when users access the affected content. In WordPress, this can manifest in various ways, such as through poorly sanitized plugin fields or settings. Real-world examples of Stored XSS include scenarios where attackers use this vulnerability to steal cookies, manipulate user sessions, or deliver malware.
Exploiting the Stored XSS Vulnerability
To exploit CVE-2024-7716, follow these steps:
POC:
- Access the GS Logo Slider Lite Plugin: Navigate to the GS Logos panel within the GS Logo Slider Lite plugin in your WordPress admin dashboard.
- Go to the “Logo Shortcut” Section: Click on the “Logo Shortcut” tab to access the settings where the vulnerability is present.
- Intercept the Request: Click the “Save Shortcut” button to intercept the request. This action will allow you to modify the data sent to the server.
- Inject the Payload: In the shortcode_settings[gs_l_theme] parameter, insert the following payload: 1”test=’+onmouseover=alert(/XSS/)//____
This payload is designed to execute JavaScript when the content is rendered. The onmouseover event triggers an alert with the value 1 when a user hovers over the element, demonstrating the successful injection of malicious code.
Recommendations for Improved Security
To mitigate this vulnerability:
- Update the Inline Related Posts plugin to the latest version where the issue has been addressed.
- Regularly audit and update all WordPress plugins and themes.
- Implement strict content security policies that prevent the execution of unauthorized scripts.
- Educate users and administrators about the risks of XSS and the importance of using secure plugins.
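The server-side fix for this class of bug, shown as an added example that is not the plugin's code or part of the original advisory: validate the theme value on save and escape it for the attribute context on output, then confirm with a parser that no event-handler attribute survives. It assumes the stored gs_l_theme value is written into an HTML attribute; the theme names, the gs_logo_area class and the test string are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical theme identifiers; the plugin's real values are not on the page.
ALLOWED_THEMES = {"slider1", "grid1", "list1"}
DEFAULT_THEME = "slider1"

# Constructed test value in the style of the PoC: a quote closes the
# attribute, then an event-handler attribute is appended.
BREAKOUT = 'slider1" onmouseover="alert(1)'

def render_unsafe(theme: str) -> str:
    """Before: the stored value is concatenated into the attribute unescaped."""
    return '<div class="gs_logo_area ' + theme + '"></div>'

def render_escaped(theme: str) -> str:
    """After: escape for the attribute context so quotes become entities."""
    return '<div class="gs_logo_area ' + html.escape(theme, quote=True) + '"></div>'

def sanitize_theme(theme: str) -> str:
    """Validation on save: only known theme identifiers are ever stored."""
    return theme if theme in ALLOWED_THEMES else DEFAULT_THEME

class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)

def attribute_names(markup: str) -> list:
    """Attribute names an HTML parser sees in the rendered markup."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.names

def has_event_handler(markup: str) -> bool:
    """True if any on* attribute (onmouseover, onclick, ...) is present."""
    return any(name.startswith("on") for name in attribute_names(markup))

if __name__ == "__main__":
    for label, out in [("unsafe", render_unsafe(BREAKOUT)),
                       ("escaped", render_escaped(BREAKOUT)),
                       ("validated", render_escaped(sanitize_theme(BREAKOUT)))]:
        print(label, attribute_names(out), has_event_handler(out))
```

In a WordPress plugin the same two steps are normally done with an allowlist check on save and esc_attr() at output.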
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-7716, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
ARTYOM K.