During a recent security test, a vulnerability identified as CVE-2024-8983 was discovered in Custom Twitter Feeds, a popular plugin. This vulnerability allows you to embed saved cross-site scripts (XSS) on the site, which can potentially lead to the creation of a backdoor and account hijacking.

CVECVE-2024-8983
PluginCustom Twitter Feeds < 2.2.3
CriticalLow
All Time2 572 501
Active installations100 000+
Publicly PublishedSeptember 18, 2024
Last UpdatedSeptember 18, 2024
ResearcherArtyom Krugov
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8983/
https://wpscan.com/vulnerability/29194dde-8d11-4096-a5ae-1d69c2c5dc33/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

September 18, 2024Plugin testing and vulnerability detection in the Custom Twitter Feeds have been completed
September 18, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
September 26, 2024Registered CVE-2024-8983

Discovery of the Vulnerability

The vulnerability was found during routine security assessments of the Custom Twitter Feeds plugin, which allows users to display Twitter feeds directly on their websites. The plugin’s customizable features, such as custom JavaScript options, were found to be vulnerable to stored XSS attacks. The lack of proper sanitization in certain input fields allows attackers to inject malicious scripts that are later executed by unsuspecting users with administrative privileges.

Understanding of XSS attack’s

Stored XSS occurs when malicious scripts are stored on the server and executed in the victim’s browser when the affected page is loaded. In the case of this vulnerability, attackers can inject harmful JavaScript code via the Custom JS input field in the plugin’s settings. Once saved, the script is triggered whenever a page or post utilizing the Twitter feed is accessed, potentially giving the attacker control over the site.

Exploiting the XSS Vulnerability

To exploit the vulnerability in the Custom Twitter Feeds plugin, attackers need access to the plugin’s settings panel. Once there, they can inject a payload into the Custom JS section. For example:

POC:

1. Go to the Twitter Feeds plugin panel
2. Go to settings, to the plugin settings
3. Go to the Feeds section
4. Enter the payload into the Custom JS.
PoC: "><script></script><img src=x onerror=alert(/XSS1/)>
5. Go to any Post or Pages. The payload will work on the page.

____

After saving the malicious payload, the script will be stored within the website’s code and triggered whenever the Twitter feed is displayed on any post or page. This simple yet dangerous action can allow the attacker to perform actions as the admin or escalate their privileges, eventually taking full control of the site.

In a real-world scenario, an attacker could exploit this vulnerability to inject malware into a giveaway page, redirect users to phishing sites, or steal sensitive user data submitted during the contest. Furthermore, the attacker could create unauthorized admin accounts, allowing them to control the site indefinitely, making detection and remediation more difficult.

Recommendations for Improved Security

To mitigate the risk posed by CVE-2024-8983, it is crucial to implement a few key measures:

Update the Plugin: Ensure you are running the latest version of the Custom Twitter Feeds plugin, as security patches will typically address known vulnerabilities.

Sanitize Input Fields: Developers should ensure that all input fields, especially those that handle custom JavaScript or HTML, are properly sanitized to prevent malicious code injection.

Least Privilege Access: Limit access to plugin settings only to trusted users with the appropriate level of privilege, reducing the chance of exploitation by contributors or lower-level users.

Regular Security Audits: Conduct frequent security audits of your website and plugins to detect vulnerabilities early.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-6887, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

ARTYOM K.
CVE-2024-8983 – Custom Twitter Feeds – Stored XSS to JS Backdoor Creation – POC

Create your CleanTalk account



By signing up, you agree with license. Have an account? Log in.


Leave a Reply

Your email address will not be published. Required fields are marked *