The Team Members Showcase plugin for WordPress has discovered a vulnerability CVE-2024-9236, which allows an attacker to execute saved cross-site scripts (XSS) and potentially intercept administrative accounts.It offers website administrators a universal tool for displaying team members on their site using various layouts such as grids and sliders. This plugin is highly customizable, adaptive, and compatible with Elementor, allowing users to easily create professional-looking team storefronts.

CVECVE-2024-9236
PluginTeam Members Showcase
CriticalLow
All Time349 210
Active installations10 000+
Publicly PublishedOctober 4, 2024
Last UpdatedOctober 4, 2024
ResearcherArtyom Krugov
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9236/
https://wpscan.com/vulnerability/fd06ba56-37dd-4c23-ae7c-ab8de40d1645/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

September 4, 2024Plugin testing and vulnerability detection in the Team Members Showcase have been completed
September 4, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
October 4, 2024Registered CVE-2024-9182

Discovery of the Vulnerability

During a routine security assessment, a vulnerability was discovered in the Team Members Showcase plugin. This flaw lies within the plugin’s Shortcode Generator, a tool that allows administrators to easily create customized team member displays. Through this generator, a malicious user can inject XSS payloads into the ttp_parent_class parameter, which is not properly sanitized. This allows the attacker to store malicious scripts within the website’s database

The vulnerability can be exploited by intercepting the request to the Shortcode Generator, modifying the input field, and inserting a malicious payload.

Understanding of XSS attack’s

Stored Cross-Site Scripting (XSS) is a type of attack where malicious scripts are injected into web applications and stored on the server, usually within a database. These scripts are then executed whenever a user with appropriate privileges views the injected content. In WordPress, Stored XSS vulnerabilities are particularly dangerous because they can affect both administrators and regular users, depending on where the payload is executed.

Exploiting the XSS Vulnerability

o successfully exploit this vulnerability, an attacker would need access to the WordPress dashboard, where they can manipulate the Shortcode Generator. Here’s how an attacker might exploit this vulnerability step-by-step:

POC:

1) Access the Shortcode Generator: The attacker navigates to the Shortcode Generator tool in the Team Members Showcase plugin. This tool allows them to customize the layout of team member profiles.

2) Create a New Post: The attacker creates a new post or page where they plan to display the team member showcase.

3) Intercept the Request: Using a tool like Burp Suite or OWASP ZAP, the attacker intercepts the HTTP request sent to the server when submitting the form to generate the shortcode.

4) Inject the Payload: The attacker modifies the ttp_parent_class parameter, injecting a malicious XSS payload.

5)Insert a Gutenberg Shortcode: The attacker can further add a Gutenberg block with the shortcode, ensuring that the payload is executed once the block is viewed by an admin.

6)Trigger the XSS Attack: Once the page is viewed by an administrator, the malicious script is executed, leading to actions such as session hijacking, admin account creation, or other harmful outcomes.

____

By embedding XSS into the shortcode, the attacker’s code becomes persistent. Each time the page containing the shortcode is accessed, the payload runs, allowing the attacker continuous opportunities to exploit the vulnerability.

Recommendations for Improved Security

To mitigate this vulnerability and prevent Stored XSS attacks, it is essential to follow best practices for secure web development and WordPress site management:

  1. Update Plugins Regularly: Always ensure that all WordPress plugins, including Maspik, are updated to the latest version. Developers release patches for known vulnerabilities, and staying up-to-date is the best defense against attacks.
  2. Input Validation and Sanitization: Plugin developers must ensure that all user inputs are properly validated and sanitized before being stored in the database. This helps prevent the injection of malicious scripts.
  3. Limit User Privileges: Restrict access to sensitive sections of your WordPress site, such as the Shortcode Generator, to trusted administrators. Reducing the number of users who can access these features decreases the likelihood of a successful attack.
  4. Conduct Regular Security Audits: Periodically auditing your WordPress site and plugins for security vulnerabilities is crucial. Tools such as WPScan can help identify potential risks, including XSS vulnerabilities, allowing you to patch them before they are exploited.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-9236, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #Vulnerability

Use CleanTalk solutions to improve the security of your website

ARTYOM K.
CVE-2024-9236 – Team Members Showcase – Stored XSS to Admin Creation – POC

Leave a Reply

Your email address will not be published. Required fields are marked *