Progressive Web Apps (PWAs) have revolutionized the way websites interact with users, offering a mobile app-like experience directly from the web. One popular WordPress plugin, “PWA For WP & AMP,” integrates this advanced technology into WordPress sites, promising seamless offline support, app-like user interfaces, and faster loading times. However, with the increasing adoption of such technologies, security concerns have also grown. Recently, a significant vulnerability—CVE-2024-7759—was discovered in the “PWA For WP & AMP” plugin, posing a serious risk to website administrators and users alike.
CVE | CVE-2024-7759 |
Plugin | PWA for WP & AMP |
Critical | Low |
All Time | 1 319 716 |
Active installations | 20 000+ |
Publicly Published | July 3, 2024 |
Last Updated | July 3, 2024 |
Researcher | Artyom Krugov |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7759/ |
Reference | https://wpscan.com/vulnerability/6e495b39-f9ef-45dd-b839-65c71a082f2b/ |
Timeline
July 3, 2024 | Plugin testing and vulnerability detection in the PWA for WP & AMP have been completed |
July 3, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
August 28, 2024 | Registered CVE-2024-7759 |
Discovery of the Vulnerability
During a routine security assessment of the “PWA For WP & AMP” plugin, a stored Cross-Site Scripting (XSS) vulnerability was uncovered. This vulnerability allows attackers to inject malicious scripts into the website on behalf of an administrator, leading to potential account hijacking. The flaw was identified in the plugin’s settings interface, specifically within the unsanitized pwaforwp_settings[normal_enable] parameter.
Understanding Stored XSS Attacks
Stored XSS attacks are particularly dangerous within WordPress because they allow attackers to inject malicious scripts into web pages viewed by other users. These scripts can steal cookies, hijack sessions, or redirect victims to malicious websites. This type of vulnerability is notorious within web applications and has been exploited in numerous plugins, underscoring the need for rigorous input sanitization.
Exploiting the Stored XSS Vulnerability
To exploit the CVE-2024-7759 vulnerability in the “PWA For WP & AMP” plugin, follow these steps:
POC:
1. Access the PWA Control Panel: Begin by navigating to the PWA control panel within the WordPress dashboard.
2. Go to the Dashboard Tab: From the control panel, click on the “Dashboard” tab to access the plugin’s main settings page.
3. Intercept the Save Settings Request: Click on the “Save Settings” button while intercepting the request using a web proxy tool.
4. Identify the Vulnerable Parameter: In the intercepted request, locate the pwaforwp_settings[normal_enable] parameter, which lacks proper sanitization.
5. Inject the XSS Payload: Insert the following payload into the pwaforwp_settings[normal_enable] parameter: ____
The risks associated with this vulnerability are significant. If exploited, attackers can gain administrative access, allowing them to alter site content, manipulate site functionality, and access sensitive user data. The potential for reputational damage and legal consequences is high, especially for business-oriented sites.
Recommendations for Improved Security
To mitigate this vulnerability, users are urged to update the PWA for WP & AMP plugin immediately upon release of a fix. Additionally, site administrators should regularly audit their plugins and themes for updates and potential vulnerabilities, employ robust input validation, and consider using web application firewalls (WAFs) to detect and block malicious input.
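The input-validation recommendation above in concrete form, as an added example that is not the plugin's own code: a hypothetical WordPress settings handler that stores pwaforwp_settings the unsafe way, beside a hardened version that registers a sanitize_callback and escapes on output. It assumes normal_enable is an on/off toggle; the example_ function names, the option group and the app_name key are placeholders.

```php
<?php
// Added illustration, not code from the PWA for WP & AMP plugin.
// Assumption: normal_enable is an on/off toggle; app_name is a made-up text key.

// VULNERABLE PATTERN: the submitted array is written to the options table
// untouched, so whatever was sent in pwaforwp_settings[normal_enable]
// (including markup) is stored and later echoed back into the settings page.
function example_save_settings_unsafe() {
    if ( isset( $_POST['pwaforwp_settings'] ) ) {
        update_option( 'pwaforwp_settings', $_POST['pwaforwp_settings'] );
    }
}

// HARDENED PATTERN: a sanitize_callback reduces every key to the type it is
// meant to hold. A toggle becomes exactly 0 or 1, so no tag can survive;
// free-text keys go through sanitize_text_field(), which strips tags.
function example_sanitize_settings( $input ) {
    $clean = array();
    $clean['normal_enable'] = ( isset( $input['normal_enable'] )
        && '1' === (string) $input['normal_enable'] ) ? 1 : 0;
    $clean['app_name'] = isset( $input['app_name'] )
        ? sanitize_text_field( $input['app_name'] ) : '';
    return $clean;
}

add_action( 'admin_init', function () {
    // When the settings form posts to options.php, WordPress runs this
    // callback before the value reaches the database.
    register_setting(
        'example_pwa_group',   // hypothetical option group
        'pwaforwp_settings',
        array( 'type' => 'array', 'sanitize_callback' => 'example_sanitize_settings' )
    );
} );

// Defence in depth on output: a value that was stored before the fix is
// still rendered safely, because it is cast or escaped at the point of use.
function example_render_fields() {
    $opts = get_option( 'pwaforwp_settings', array() );
    $on   = isset( $opts['normal_enable'] ) ? (int) $opts['normal_enable'] : 0;
    $name = isset( $opts['app_name'] ) ? $opts['app_name'] : '';
    printf(
        '<input type="checkbox" name="pwaforwp_settings[normal_enable]" value="1" %s />',
        checked( 1, $on, false )
    );
    printf(
        '<input type="text" name="pwaforwp_settings[app_name]" value="%s" />',
        esc_attr( $name )
    );
}
```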
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-7759, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
ARTYOM K.