The SiteOrigin Widgets Bundle WordPress plugin, which has over 600,000 installations, fixed an authenticated stored cross-site scripting (XSS) vulnerability that could allow attackers to inject arbitrary scripts into pages and expose site visitors to those malicious scripts.
SiteOrigin Widgets Bundle plugin
With over 600,000 active installations, the SiteOrigin Widgets Bundle plugin provides an easy way to add a multitude of widget features such as sliders, carousels, maps, alternative blog post layouts, and other useful web page elements.
Stored cross-site scripting vulnerability
A cross-site scripting (XSS) vulnerability is a flaw that allows an attacker to inject malicious scripts into a website. In WordPress plugins, these vulnerabilities arise from input data that is not properly sanitized (filtered for untrusted content) and from output data that is not properly escaped (encoded before it is written into the page).
This particular XSS vulnerability is classed as stored XSS because the attacker is able to save the malicious code on the server. According to the non-profit Open Worldwide Application Security Project (OWASP), the fact that the attack is then served directly from the website itself makes it particularly worrisome.
OWASP describes the Stored XSS threat:
“This type of exploit, known as Stored XSS, is particularly insidious because the indirection caused by the data store makes it more difficult to identify the threat and increases the possibility that the attack will affect multiple users.”
In an XSS attack, once a script has been successfully injected, the attacker's malicious script is delivered to an unsuspecting site visitor. The user's browser executes the script because it trusts the website. This can give an attacker access to cookies, session tokens, and other sensitive site data.
Description of the vulnerability
The vulnerability arose from flaws in input sanitization and output escaping.
The WordPress developer security documentation explains sanitization:
“Input sanitization is the process of securing/cleaning/filtering input data. Validation is preferred over sanitization because validation is more specific. But when ‘more specific’ is not possible, sanitization is the best thing.”
Output escaping in a WordPress plugin is the complementary safeguard: it encodes data right before it is output so that untrusted content cannot be interpreted as markup or script.
Both of these safeguards needed improvement in the SiteOrigin Widgets Bundle plugin.
Wordfence described the vulnerability:
“The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to and including 1.58.3 due to insufficient input sanitization and output escaping.”
This vulnerability requires authentication before it can be exploited, meaning an attacker needs at least contributor-level access to the site to launch an attack.
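To make the two failings concrete, here is an added illustration that is not the plugin's own code: a simplified widget button renderer in plain PHP, shown first without sanitization or escaping and then hardened. It assumes a widget that stores a settings array (including an `onclick` value, following the Wordfence description) and renders it as an anchor element; the function names, the settings array and the sample input are constructed for the example, and WordPress core functions are named only in comments so the file runs without WordPress.

```php
<?php
// Added example (not the SiteOrigin plugin's code): a widget button renderer
// shown as a vulnerable version beside a hardened one. Plain PHP only, so it
// runs stand-alone; the WordPress core equivalents are noted in comments.

// Constructed sample input, as a contributor-level user could submit it
// through a widget settings form.
$widget_settings = [
    'label'   => 'Read more',
    'href'    => 'https://example.com/post',
    'class'   => 'so-button',
    'onclick' => 'alert(1)', // attacker-controlled event handler (constructed)
];

// Vulnerable: every submitted attribute is written into the page verbatim.
// Note that entity-escaping the value alone would not fix this case: an onclick
// value is executed as JavaScript, so an attacker-chosen handler is stored XSS
// no matter how it is encoded. The attribute itself must not be accepted.
function render_button_vulnerable(array $settings): string
{
    $attrs = '';
    foreach ($settings as $name => $value) {
        if ($name === 'label') {
            continue;
        }
        $attrs .= " {$name}=\"{$value}\"";
    }
    return "<a{$attrs}>{$settings['label']}</a>";
}

// Hardened, step 1 (input sanitization): keep only the attributes the widget
// needs, so on* handlers are dropped rather than "cleaned". In WordPress,
// wp_kses() with an allowed-tags array that omits event handlers does this.
const ALLOWED_BUTTON_ATTRS = ['href', 'class', 'id', 'title'];

function sanitize_button_settings(array $settings): array
{
    $clean = ['label' => trim(strip_tags((string) ($settings['label'] ?? '')))];
    foreach (ALLOWED_BUTTON_ATTRS as $name) {
        if (isset($settings[$name])) {
            $clean[$name] = trim(strip_tags((string) $settings[$name]));
        }
    }
    // Only http(s) destinations; javascript: and data: URLs are discarded.
    // In WordPress, esc_url() performs a similar scheme check.
    if (isset($clean['href']) && !preg_match('#^https?://#i', $clean['href'])) {
        unset($clean['href']);
    }
    return $clean;
}

// Hardened, step 2 (output escaping): encode every value for the HTML
// attribute context at the moment it is written. This is esc_attr() in WordPress.
function esc_attribute(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_button_hardened(array $settings): string
{
    $clean = sanitize_button_settings($settings);
    $attrs = '';
    foreach ($clean as $name => $value) {
        if ($name === 'label') {
            continue;
        }
        $attrs .= ' ' . $name . '="' . esc_attribute($value) . '"';
    }
    return "<a{$attrs}>" . esc_attribute($clean['label']) . '</a>';
}

echo 'Vulnerable: ' . render_button_vulnerable($widget_settings) . PHP_EOL;
echo 'Hardened:   ' . render_button_hardened($widget_settings) . PHP_EOL;
```

Run with `php example.php`: the vulnerable renderer emits the `onclick="alert(1)"` attribute unchanged into the page, while the hardened renderer outputs only `href` and `class`, with the handler gone and the remaining values entity-encoded. The point the example makes is that sanitization (an attribute allowlist) and escaping (encoding at output) are separate controls, and that for script-bearing attributes such as `onclick` only the first one helps.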
Recommended Action:
The vulnerability was assigned a medium CVSS severity level, with a score of 6.4/10. Users of the plugin should consider upgrading to the latest version, which is version 1.58.5, although the vulnerability was patched in version 1.58.4.
Read the Wordfence Vulnerability Notice:
SiteOrigin Widgets Bundle <= 1.58.3: Authenticated Stored Cross-Site Scripting (Contributor+)