CVE-2024-8619 exposes a serious Stored Cross-Site Scripting (XSS) vulnerability in the Ajax Search Lite plugin, a widely used search enhancement plugin with over 100,000 installations. This vulnerability allows attackers, specifically users with editor-level permissions, to inject malicious JavaScript (JS) into the plugin’s settings. Once exploited, the attacker can create backdoors and take over admin accounts, leading to full control of the WordPress site. The issue lies in improper input sanitization within the plugin’s “image width” field, which can be manipulated to execute malicious scripts.

CVE: CVE-2024-8619
Plugin: Ajax Search Lite <= 4.12.2
Critical: High
All Time: 1 620 343
Active installations: 100 000+
Publicly Published: September 14, 2024
Last Updated: September 14, 2024
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8619
https://wpscan.com/vulnerability/84f6733e-028a-4288-b01a-7578a4a89dbe/

Timeline

August 2, 2024: Plugin testing and vulnerability detection in the Ajax Search Lite plugin have been completed
August 2, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
September 14, 2024: Registered CVE-2024-8619

Discovery of the Vulnerability

The vulnerability was discovered during security testing of the Ajax Search Lite plugin. The flaw lies in the “image width (px)” field under the plugin’s main settings, which does not properly sanitize user input. This allows attackers to embed malicious JavaScript code within this field, leading to the execution of harmful scripts.

Understanding XSS attacks

Cross-Site Scripting (XSS) vulnerabilities occur when user inputs are not properly sanitized, allowing attackers to inject malicious scripts into a web page. In WordPress, XSS vulnerabilities are particularly dangerous because they can lead to session hijacking, privilege escalation, and even full site takeover.

Stored XSS, as seen in CVE-2024-8619, is a severe form of XSS where the malicious code is stored in the site’s backend, allowing it to be triggered repeatedly whenever the affected component is accessed. This vulnerability in Ajax Search Lite enables an attacker to inject harmful JavaScript that executes whenever an administrator interacts with the plugin’s settings or front-end components. In past cases, XSS vulnerabilities have led to widespread site compromise, data breaches, and persistent backdoors.

Exploiting the XSS Vulnerability

Exploiting CVE-2024-8619 is relatively straightforward. An attacker with editor-level permissions can create a new post and add the Ajax Search block. By manipulating the “image width (px)” field, the attacker can inject malicious code, as shown in the PoC below.

POC:

Create a new post with the Ajax Search block. Change the "image width (px)" field in the main settings to malicious JS code (eval() etc.), for example 123</style><img src=x onerror=alert(1)>, then click Save Settings. (Admins and editors are allowed to use JS in posts/pages/comments/etc., so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles.)


The risks associated with CVE-2024-8619 are substantial. A successful exploitation can lead to complete site compromise, enabling attackers to create backdoors, hijack admin accounts, and manipulate site content. For high-traffic websites or e-commerce platforms using Ajax Search Lite, this vulnerability could lead to significant financial loss, data theft, and reputational damage.

In real-world scenarios, attackers could exploit this vulnerability to take over WordPress sites, steal customer information, or use compromised sites to distribute malware. For businesses relying on Ajax Search Lite for enhanced search functionality, the consequences of an attack could extend to lost customer trust and potential legal liabilities due to data breaches.

Recommendations for Improved Security

To mitigate the risk of CVE-2024-8619, WordPress site administrators using Ajax Search Lite should update to the latest version as soon as a patch is available. Plugin developers must ensure that all user inputs, especially in fields like the “image width (px)” field, are properly sanitized to prevent the insertion of malicious JavaScript.
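The following is an added illustration of the sanitization the paragraph above calls for; it is not code from Ajax Search Lite or from the advisory. The option and function names (asl_image_width, asl_sanitize_image_width, the .asl_image selector, the default of 70) are hypothetical. It contrasts a weak pattern that interpolates the raw option value into an inline style element with a hardened pattern that treats a pixel width as what it is, a non-negative integer, and escapes it again on output.

```php
<?php
// Added example (hypothetical names), not the plugin's own code.
// Minimal stand-ins so the snippet also runs outside WordPress; inside
// WordPress the real absint()/esc_attr() are used instead.
if ( ! function_exists( 'absint' ) ) {
    function absint( $maybeint ) { return abs( (int) $maybeint ); }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
}

// Weak pattern: the stored value is dropped into a <style> block as-is.
// A value such as  123</style><img src=x onerror=alert(1)>  closes the
// style element and the remainder is parsed by the browser as markup.
function asl_render_image_style_unsafe( $width ) {
    return '<style>.asl_image { width: ' . $width . 'px; }</style>';
}

// Hardened pattern, step 1: sanitize on save. A width is a number, so
// anything that is not a positive integer is discarded. absint() keeps
// only the leading digits, so "123</style>..." becomes 123 and a value
// with no digits at all becomes 0 and falls back to the default.
function asl_sanitize_image_width( $value ) {
    $width = absint( $value );
    if ( 0 === $width ) {
        $width = 70; // hypothetical default width in px
    }
    return $width;
}

// Hardened pattern, step 2: escape on output as well, so the rendered
// style stays inert even if the stored value were ever tampered with.
function asl_render_image_style_safe( $width ) {
    $width = asl_sanitize_image_width( $width );
    return '<style>.asl_image { width: ' . esc_attr( $width ) . 'px; }</style>';
}

// Wiring the sanitizer into the Settings API (real WordPress call;
// the option group and option name are hypothetical).
if ( function_exists( 'register_setting' ) ) {
    register_setting( 'asl_options', 'asl_image_width', array(
        'type'              => 'integer',
        'sanitize_callback' => 'asl_sanitize_image_width',
        'default'           => 70,
    ) );
}

// Stand-alone demonstration with a constructed input.
$constructed_input = '123</style><img src=x onerror=alert(1)>';
echo asl_render_image_style_unsafe( $constructed_input ), PHP_EOL;
echo asl_render_image_style_safe( $constructed_input ), PHP_EOL;
```

Run with `php` from the command line: the unsafe line reproduces the broken-out `<img>` element verbatim, while the safe line renders only `width: 123px`. The point of sanitizing on save and escaping on output is that each layer catches what the other misses; the integer cast is what actually removes the injected markup here, and the escape is the defense in depth.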

In addition to updating the plugin, administrators should review user roles and permissions, restricting the ability for editors and contributors to insert unfiltered HTML or JavaScript. Using security plugins that monitor and block XSS attempts can provide additional protection. Regular security audits and reviews of plugin configurations can also help identify vulnerabilities before they can be exploited.
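As an added example of the role hardening recommended above (not part of the advisory, and not plugin code), the must-use plugin below removes the unfiltered_html capability from every user who holds the editor role while leaving administrators untouched. The file name and the role list are assumptions; map_meta_cap, do_not_allow and the mu-plugins directory are standard WordPress.

```php
<?php
/**
 * Plugin Name: Disallow unfiltered_html for editors (added example)
 * Description: Drop the unfiltered_html capability for editor-role users
 *              as defense in depth against stored XSS via editor input.
 *
 * Hypothetical file: wp-content/mu-plugins/disallow-editor-unfiltered-html.php
 */

// Roles that should never be able to submit raw HTML/JS (assumed list).
const ASL_EXAMPLE_RESTRICTED_ROLES = array( 'editor', 'contributor', 'author' );

add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id ) {
    if ( 'unfiltered_html' !== $cap ) {
        return $caps;
    }
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return $caps;
    }
    // Any overlap between the user's roles and the restricted list denies the cap.
    if ( array_intersect( ASL_EXAMPLE_RESTRICTED_ROLES, (array) $user->roles ) ) {
        // 'do_not_allow' is the capability WordPress uses to express a hard deny;
        // current_user_can( 'unfiltered_html' ) then returns false for this user.
        $caps[] = 'do_not_allow';
    }
    return $caps;
}, 10, 3 );
```

The blunter alternative is `define( 'DISALLOW_UNFILTERED_HTML', true );` in wp-config.php, which removes the capability from every role, administrators included, so all submitted markup passes through wp_kses. Either control limits what an editor account can push into posts, pages and comments; it does not replace the plugin update, because a settings field that stores the raw value without sanitizing it has to be fixed in the plugin itself.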

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-8619, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.



Dmitrii I.
CVE-2024-8619 – Ajax Search Lite – Stored XSS to backdoor creation – POC
