CVE-2024-7761 exposes a critical flaw in the Simple Job Board plugin, widely used by WordPress sites to manage job listings and applications. With over 40,000 installations, this vulnerability allows attackers to exploit a Stored Cross-Site Scripting (XSS) flaw, enabling them to inject malicious JavaScript code. When executed, this can lead to account takeover, backdoor creation, and potentially long-term control over the site. The vulnerability stems from insufficient input validation, particularly in the plugin’s widget settings, making it an appealing target for attackers.

CVE: CVE-2024-7761
Plugin: Simple Job Board < 2.12.2
Critical: High
All Time: 598 789
Active installations: 40 000+
Publicly Published: August 19, 2024
Last Updated: August 19, 2024
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7761
https://wpscan.com/vulnerability/ae8c1c91-3574-4da5-b5dc-d4e3feccac7e/

Timeline

June 4, 2024: Plugin testing and vulnerability detection in the Simple Job Board have been completed
June 4, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
August 19, 2024: Registered CVE-2024-7761

Discovery of the Vulnerability

During the security testing of the Simple Job Board plugin, it was discovered that the “Title” field in the widget section is vulnerable to XSS attacks. The issue arises because the plugin does not sanitize this input properly, so malicious code is stored and later executed when administrators or editors interact with the affected widget. This allows an attacker with editor-level permissions to insert JavaScript code that executes in the admin’s browser, potentially compromising the entire site.

Understanding XSS attacks

Cross-Site Scripting (XSS) vulnerabilities occur when websites fail to sanitize user inputs, allowing malicious scripts to be stored and executed in a victim’s browser. In the WordPress ecosystem, XSS is especially dangerous as it can lead to session hijacking, data theft, or even full control over a website. Stored XSS, the type of vulnerability found in the Simple Job Board plugin, means that the malicious code is permanently saved in the website’s backend and is executed whenever the affected page or widget is viewed.

In the case of CVE-2024-7761, this XSS vulnerability allows an attacker to inject malicious JavaScript into the widget’s “Title” field. Once saved, the script runs whenever the widget is displayed, potentially allowing the attacker to steal sensitive information or execute further malicious actions, such as creating an admin account. Past examples of XSS in WordPress have resulted in attackers defacing websites, stealing login credentials, and even inserting ransomware or other harmful software.

Exploiting the XSS Vulnerability

To exploit CVE-2024-7761, an attacker with editor-level access creates or modifies a widget in the Simple Job Board plugin, injecting a malicious script into the “Title” field. For instance, inserting <img src=x onerror=alert(1)> into the field causes the script to be executed whenever an admin interacts with the widget. The attacker could also insert more sophisticated payloads that silently steal session cookies or credentials, create new admin accounts, or install persistent backdoors into the site.

POC:

Change the "Title" field in the widget to malicious JS code (eval() etc.), for example <img src=x onerror=alert(1)>, then click Save Settings. (Admins and editors are allowed to use JS in posts/pages/comments/etc., so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles.)

____

The potential risks associated with CVE-2024-7761 are severe. Given that the Simple Job Board plugin is widely used by WordPress websites handling job listings and applications, a successful exploitation could lead to attackers stealing sensitive applicant information, defacing the website, or redirecting users to malicious sites. Additionally, compromised websites could be used as platforms to spread malware to visitors, causing widespread damage.

In a real-world scenario, an attacker could use this vulnerability to insert a backdoor into a company’s job board, giving them long-term access to sensitive applicant data or credentials. This information could then be used for identity theft or further targeted attacks on the organization. Furthermore, the attacker could manipulate the site’s job postings, spreading misinformation or engaging in phishing schemes aimed at job applicants.

Recommendations for Improved Security

To address CVE-2024-7761, WordPress administrators must update the Simple Job Board plugin to the latest version as soon as a patch is released. Developers should implement stricter input validation and sanitization practices to ensure that user-supplied content, especially in the widget “Title” field, cannot be used to inject malicious scripts.
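The following is an added example, not Simple Job Board's own code: a minimal WP_Widget that shows the unsafe pattern described above (title stored raw and echoed raw) beside its hardened form, which sanitizes on save and escapes on output. The class names and widget ids are hypothetical.

```php
<?php
// Added example, not the plugin's code: an unsafe widget beside a hardened one.
// Class names and ids are hypothetical; the WordPress functions used are real.

// UNSAFE: the title is stored raw and echoed raw, so a payload such as
// <img src=x onerror=...> saved by an editor runs in every viewer's browser.
class Hypothetical_Unsafe_Widget extends WP_Widget {
    public function __construct() {
        parent::__construct( 'hyp_unsafe', 'Hypothetical Unsafe Widget' );
    }
    public function update( $new_instance, $old_instance ) {
        return $new_instance;                        // no sanitization on save
    }
    public function widget( $args, $instance ) {
        echo $args['before_widget'];
        echo '<h2>' . $instance['title'] . '</h2>';   // no escaping on output
        echo $args['after_widget'];
    }
}

// HARDENED: strip tags on save and escape for the right context on every output path.
class Hypothetical_Safe_Widget extends WP_Widget {
    public function __construct() {
        parent::__construct( 'hyp_safe', 'Hypothetical Safe Widget' );
    }
    public function update( $new_instance, $old_instance ) {
        $instance          = $old_instance;
        $instance['title'] = sanitize_text_field( $new_instance['title'] ?? '' );
        return $instance;
    }
    public function widget( $args, $instance ) {
        $title = apply_filters( 'widget_title', $instance['title'] ?? '', $instance, $this->id_base );
        echo $args['before_widget'];
        if ( '' !== $title ) {
            echo $args['before_title'] . esc_html( $title ) . $args['after_title'];
        }
        echo $args['after_widget'];
    }
    public function form( $instance ) {
        // The admin settings form echoes the stored value too: escape for the attribute context.
        $id   = esc_attr( $this->get_field_id( 'title' ) );
        $name = esc_attr( $this->get_field_name( 'title' ) );
        echo '<p><label for="' . $id . '">Title:</label> ';
        echo '<input class="widefat" type="text" id="' . $id . '" name="' . $name
            . '" value="' . esc_attr( $instance['title'] ?? '' ) . '"></p>';
    }
}

add_action( 'widgets_init', function () {
    register_widget( 'Hypothetical_Safe_Widget' );
} );
```

Note that escaping in widget() is what stops the stored payload from executing; sanitize_text_field() in update() is defense in depth and also keeps the settings form from re-displaying the raw markup.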

In addition to updating the plugin, administrators should review the roles and permissions assigned to users, particularly those with editor-level access. Restricting the ability to use unfiltered HTML or JavaScript can help mitigate the risk of XSS attacks. Implementing a web application firewall (WAF) and monitoring site activity for unusual behavior, such as the creation of unauthorized admin accounts, can further protect against exploitation.
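As an added example of the site-level hardening recommended above (not CleanTalk's or the plugin's code): the DISALLOW_UNFILTERED_HTML constant removes the unfiltered_html capability from every role, and a small must-use plugin hook flags the creation of a new administrator account. The define() belongs in wp-config.php and the hook in wp-content/mu-plugins/; they are shown together here only for brevity, and the message wording is an assumption.

```php
<?php
// Added example (not the plugin's code). The define() goes in wp-config.php; the
// hook goes in a must-use plugin. Both use real WordPress constants and hooks.

// 1. Remove the unfiltered_html capability for every role, administrators included,
//    so HTML/JS stored in posts, pages and widgets is always filtered by KSES.
define( 'DISALLOW_UNFILTERED_HTML', true );

// 2. Detect a common post-exploitation step: a new administrator appearing.
//    set_user_role fires whenever a role is assigned, including on user creation.
add_action( 'set_user_role', function ( $user_id, $role, $old_roles ) {
    if ( 'administrator' !== $role || in_array( 'administrator', (array) $old_roles, true ) ) {
        return; // not a newly granted administrator role
    }
    $user  = get_userdata( $user_id );
    $actor = wp_get_current_user();
    $msg   = sprintf(
        'New administrator "%s" (ID %d) granted by "%s" from %s at %s',
        $user ? $user->user_login : 'unknown',
        $user_id,
        $actor->exists() ? $actor->user_login : 'no logged-in user',
        $_SERVER['REMOTE_ADDR'] ?? 'cli',
        current_time( 'mysql' )
    );
    error_log( $msg );                                            // PHP / WordPress log
    wp_mail( get_option( 'admin_email' ), 'Admin role granted', $msg ); // alert the site owner
}, 10, 3 );
```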

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-7761, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

ARTYOM K.
CVE-2024-7761 – Simple Job Board – Stored XSS to JS Backdoor Creation – POC
