CVE-2024-8617 describes a stored XSS vulnerability in the popular Quiz Maker plugin for WordPress, which lets users build quizzes with different question types. Although the plugin offers extensive quiz-building functionality, it also contains a critical security flaw that could allow attackers to inject malicious code, potentially leading to the creation of a backdoor and unauthorized access to the website.

CVE: CVE-2024-7132
Plugin: Quiz Maker < 6.5.9.8
Critical: Low
All Time: 2 160 163
Active installations: 20 000+
Publicly Published: September 17, 2024
Last Updated: September 17, 2024
Researcher: Artyom Krugov
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8617/
https://wpscan.com/vulnerability/ba6b6b82-6f21-45ff-bd64-685ea8ae1b82/

Timeline

July 24, 2024: Plugin testing and vulnerability detection in the Quiz Maker plugin have been completed
July 24, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
September 17, 2024: Registered CVE-2024-8617

Discovery of the Vulnerability

During a routine security assessment of the Quiz Maker plugin, a vulnerability was discovered in the handling of input fields related to quiz parameters. While the plugin provides a comprehensive range of question types such as radio buttons, checkboxes, dropdowns, and text fields for quiz creation, certain settings parameters were found to be vulnerable to stored XSS. Specifically, the parameters ays_mobile_max_width, ays_quiz_border_radius, ays_quiz_border_width, and ays_image_height were not properly sanitized, allowing an attacker to inject scripts that persist in the database.

Understanding Stored XSS Attacks

Stored XSS (or persistent XSS) differs from other XSS types in that the malicious payload is saved on the server and later executed in the browser of any user who views the affected content. This makes stored XSS particularly dangerous, as it can affect multiple users and persist across sessions. In the case of Quiz Maker, a script injected into a quiz parameter field is saved with the quiz and executes whenever someone, including an administrator, interacts with that quiz.

Exploiting the Stored XSS Vulnerability

Exploiting the CVE-2024-8617 vulnerability involves injecting a malicious payload into one of the vulnerable quiz parameter fields:

POC:

  1. Navigate to the Quiz Maker plugin’s control panel.
  2. Click on the “Quizzes” tab and create a new quiz.
  3. In the quiz settings, locate the vulnerable parameters such as ays_mobile_max_width, ays_quiz_border_radius, ays_quiz_border_width, or ays_image_height.
  4. Insert a malicious XSS payload into one of these fields.

PoC payload: 333"asdasd='+onmouseover=alert(777)+tet='+//

This payload could be injected into the ays_quiz_border_radius field. Once saved, it is stored in the database, and when an administrator or any other user interacts with the quiz, the script is triggered. In this case, the onmouseover event causes an alert box to display 777. However, the payload could easily be modified to perform more harmful actions, such as planting a backdoor.

Recommendations for Improved Security

To mitigate the risk posed by this vulnerability, users of the Stylish Price List plugin should implement the following security measures:

  1. Update the Plugin: Always ensure that the plugin is updated to the latest version, as the developers may release a patch to address this vulnerability.
  2. Sanitize User Inputs: Developers should implement proper input validation and sanitization for all fields, particularly those that allow HTML or special characters, to prevent malicious code from being injected. Numeric layout settings such as a border radius should be validated as numbers on save and escaped for the attribute context on output.
  3. Limit User Roles: Restrict the privileges of contributors and other non-admin users to limit their ability to inject potentially harmful scripts into the website.
  4. Use a Web Application Firewall (WAF): A WAF can provide an additional layer of protection by filtering out malicious requests before they reach the website.
  5. Regular Security Audits: Regularly review the security of your WordPress installation and plugins to detect and patch any vulnerabilities before they can be exploited.
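To make the defect behind the PoC above and the "Sanitize User Inputs" recommendation concrete, here is an added PHP sketch (not Quiz Maker's own code) of a numeric setting reaching an HTML attribute unsanitized, next to a hardened version. The function names are hypothetical; only the option key ays_quiz_border_radius comes from the advisory, and the WordPress helpers used (absint, esc_attr, current_user_can, check_admin_referer, get_option, update_option) are standard core functions.

```php
<?php
// Added example, not the plugin's own code. Function names are hypothetical.

// --- Vulnerable pattern: value stored and echoed as-is --------------------------
function vulnerable_save_border_radius( array $post ) {
    // Stores whatever the form sent, including quotes and event-handler text.
    update_option( 'ays_quiz_border_radius', $post['ays_quiz_border_radius'] );
}

function vulnerable_render_quiz_container() {
    $radius = get_option( 'ays_quiz_border_radius', 0 );
    // A stored value such as  333"asdasd='+onmouseover=alert(777)+tet='+//
    // closes the quoted style attribute and leaves an onmouseover handler
    // inside the tag, which is exactly what the PoC relies on.
    return '<div class="ays-quiz-container" style="border-radius:' . $radius . 'px">';
}

// --- Hardened pattern: validate on input, escape on output ----------------------
function hardened_save_border_radius( array $post ) {
    // Capability check: only users allowed to manage plugin settings may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        return false;
    }
    // Nonce check: the request must originate from the plugin's own settings form
    // ('ays_quiz_settings' is an assumed nonce action name).
    check_admin_referer( 'ays_quiz_settings' );

    // A border radius is a non-negative integer; absint() discards everything
    // else, so the PoC payload collapses to 333 before it is stored.
    $radius = isset( $post['ays_quiz_border_radius'] )
        ? absint( $post['ays_quiz_border_radius'] )
        : 0;
    update_option( 'ays_quiz_border_radius', $radius );
    return true;
}

function hardened_render_quiz_container() {
    // Re-validate on output too: rows saved before the fix may still hold a
    // payload. esc_attr() then makes sure no quote can terminate the attribute.
    $radius = absint( get_option( 'ays_quiz_border_radius', 0 ) );
    return '<div class="ays-quiz-container" style="border-radius:' . esc_attr( $radius ) . 'px">';
}
```

The same two-step treatment (type-specific validation on save, context-specific escaping on render) applies to ays_mobile_max_width, ays_quiz_border_width and ays_image_height, since each is a pixel value that should never contain anything but digits.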

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-8617, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

ARTYOM K.
CVE-2024-8617 – Quiz Maker – Stored XSS to Backdoor Creation – POC