Researchers have discovered flaws in a number of WordPress plugins that. If successfully exploited, could allow an attacker to execute arbitrary code. And take control of a website in certain circumstances.
Elementor, a website builder plugin used on more than seven million sites. And WP Super Cache, a tool used to serve cached pages of a WordPress site, were both found to have flaws.
The bug affects a set of stored cross-site scripting (XSS) vulnerabilities (CVSS score: 6.4), which occur when a malicious script is injected directly into a vulnerable web application, according to Wordfence, which discovered the security flaws in Elementor.
Due to a lack of server-side validation of HTML tags in this case. A bad actor can use a crafted request to inject executable JavaScript into a post or page.
“Since posts created by contributors are typically reviewed by editors or administrators before publishing. Any JavaScript added to one of these posts would be executed in the reviewer’s browser”. Wordfence explained in a technical blog post. “If an administrator reviewed a post containing malicious JavaScript. Their authenticated session with high-level privileges could be used to create a new malicious administrator. Or to add a backdoor to the site. An attack on this vulnerability could lead to site takeover.”
Multiple HTML elements flaws discovered
Multiple HTML elements, including Heading, Column, Accordion, Icon Box, and Image Box, discovered to be vulnerable to the store XSS attack. Allowing any user to access the Elementor editor and insert an executable JavaScript.
Because the flaws take advantage of the fact that dynamic data entered in a template can be used to include malicious scripts. That launch XSS attacks, such behavior can be prevented by validating the input and escaping the output data so that the HTML tags passed as inputs are rendered harmless.
Separately, WP Super Cache was found to have an authenticated remote code execution (RCE) vulnerability. That could allow an attacker to upload and execute malicious code with the goal of taking control of the site. More than two million WordPress sites are using the plugin.
Elementor fixed the issues in version 3.1.4, released on March 8, by hardening “allowed options in the editor to enforce better security policies”. As a result of the responsible disclosure on February 23. Similarly, Automattic, the company behind WP Super Cache, stated that version 1.7.2 fixes the “authenticated RCE in the settings page.”
It is strongly advise that users of the plugins update to the most recent versions to reduce the risk of the flaws.
If you found this post useful, then please follow us on Facebook and Twitter and a;
You may also like:
Leave A Comment