Friday, October 30, 2020

10,000+ WordPress Sites At Risk Due To Stored XSS Vulnerability – LinuxAndUbuntu

A WordPress plugin with over 10,000 installations contains a critical unpatched vulnerability. The vulnerability was discovered by Melbin Mathew yesterday, and it deserves the attention of anyone who has installed this plugin on a WordPress site.

The plugin has a stored XSS (cross-site scripting) vulnerability that can easily be exploited by an attacker. Here is how it works.

The Colorbox Lightbox plugin lets site admins add functionality that shows content to users in a popup. Anyone writing a post can use the following shortcode with the media URL and the hyperlink text:

[wp_colorbox_media url="http://www.youtube.com/embed/nmp3Ra3Yj24" type="youtube" hyperlink="Click here"]

The shortcode above outputs the video in a popup, which is great. But neither of these fields is sanitized, which means any JavaScript inserted into the parameters will run in the visitor's web browser.

[wp_colorbox_media url="http://www.youtube.com/embed/nmp3Ra3Yj24" type="youtube" hyperlink="Click here <script>alert('XSS from hyperlink param')</script>"]
[Image: Colorbox Lightbox XSS vulnerability]

As the screenshot shows, the script supplied in the hyperlink parameter executed in the web browser.

The consequence is that any visitor can exploit it by using the same shortcode in the comment section. Any comment rendered with the plugin shortcode will run whatever JavaScript is embedded in it.

A more reliable way to reach an admin is to write a post and have them review it. When a logged-in user reviews the post, their site cookies can be sent silently to the attacker, who can then log in as the admin.
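To make the two points above concrete (the unsanitized shortcode parameters, and the need to check whether such shortcodes are already sitting in posts or comments), here is an added example in plain PHP. It is not the Colorbox Lightbox plugin's own code: the attribute parser is a simplified stand-in for WordPress's shortcode_parse_atts(), the `<a>` markup and class name are assumed, and it runs with the php CLI without WordPress. It shows a handler written the vulnerable way beside a hardened one, plus a triage scan over stored content.

```php
<?php
// Added example, not the Colorbox Lightbox plugin's own code. Runs with the php
// CLI, no WordPress needed. The attribute parser is a simplified stand-in for
// WordPress's shortcode_parse_atts(); the <a> markup and class name are assumed.
declare(strict_types=1);

// Parse key="value" pairs from a shortcode body; values come back raw, which is
// exactly what WordPress hands to a shortcode callback.
function parse_shortcode_atts(string $body): array
{
    $atts = [];
    if (preg_match_all('/(\w+)="([^"]*)"/', $body, $m, PREG_SET_ORDER)) {
        foreach ($m as $pair) {
            $atts[$pair[1]] = $pair[2];
        }
    }
    return $atts;
}

// Vulnerable rendering: attribute values are concatenated straight into HTML,
// so markup inside url= or hyperlink= reaches the visitor's browser verbatim.
function render_colorbox_vulnerable(array $atts): string
{
    $url  = $atts['url'] ?? '';
    $link = $atts['hyperlink'] ?? 'Click here';
    return '<a class="colorbox-popup" href="' . $url . '">' . $link . '</a>';
}

// Hardened rendering: only http(s) URLs are accepted, and both values are
// escaped for the context they land in. In a real plugin use WordPress's
// esc_url() for the href and esc_html() for the link text; this mirrors them.
function render_colorbox_safe(array $atts): string
{
    $url  = $atts['url'] ?? '';
    $link = $atts['hyperlink'] ?? 'Click here';

    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $url = ''; // rejects javascript:, data: and malformed URLs
    }
    $safeUrl  = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $safeLink = htmlspecialchars($link, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a class="colorbox-popup" href="' . $safeUrl . '">' . $safeLink . '</a>';
}

// Triage: find every [wp_colorbox_media ...] in stored content (post bodies,
// comments) and report the ones whose parameters carry markup or a non-http URL.
// Returns a list of ['shortcode' => ..., 'reason' => ...] entries.
function find_suspicious_colorbox_shortcodes(string $content): array
{
    $hits = [];
    if (!preg_match_all('/\[wp_colorbox_media\s+([^\]]*)\]/i', $content, $m, PREG_SET_ORDER)) {
        return $hits;
    }
    foreach ($m as $match) {
        $atts   = parse_shortcode_atts($match[1]);
        $url    = $atts['url'] ?? '';
        $link   = $atts['hyperlink'] ?? '';
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if ($url !== '' && !in_array($scheme, ['http', 'https'], true)) {
            $hits[] = ['shortcode' => $match[0], 'reason' => 'non-http url scheme'];
        } elseif (preg_match('/[<>]/', $url . $link)) {
            $hits[] = ['shortcode' => $match[0], 'reason' => 'markup in parameter'];
        }
    }
    return $hits;
}

// Constructed sample content: the benign shortcode from the article and the
// proof-of-concept with a script tag in the hyperlink parameter.
$content = <<<'TXT'
Watch this: [wp_colorbox_media url="http://www.youtube.com/embed/nmp3Ra3Yj24" type="youtube" hyperlink="Click here"]
Nice post! [wp_colorbox_media url="http://www.youtube.com/embed/nmp3Ra3Yj24" type="youtube" hyperlink="Click here <script>alert('XSS from hyperlink param')</script>"]
TXT;

foreach (find_suspicious_colorbox_shortcodes($content) as $hit) {
    echo 'FLAGGED (' . $hit['reason'] . '): ' . $hit['shortcode'] . PHP_EOL;
}

$poc = parse_shortcode_atts('url="http://www.youtube.com/embed/nmp3Ra3Yj24" hyperlink="Click here <script>alert(1)</script>"');
echo 'vulnerable: ' . render_colorbox_vulnerable($poc) . PHP_EOL;
echo 'hardened:   ' . render_colorbox_safe($poc) . PHP_EOL;
```

Running it flags only the second sample (reason "markup in parameter") and prints the same proof-of-concept twice: the vulnerable renderer emits the `<script>` tag intact, the hardened one emits it as `&lt;script&gt;...` text inside a link with an http URL. The scheme allowlist matters as much as the escaping: escaping alone would still let a `javascript:` URL through the href.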

No patch released yet

At the time of writing, the vulnerability still works against the latest version of the plugin. All 10,000+ websites that have installed it are at serious risk of exposure to attackers.

I also tested this vulnerability with the WordFence free firewall; unfortunately, the WordFence free version does not protect the site from exploitation of this vulnerability. The way the WordFence free version works is that they provide security patches to free users 30 days after discovery. So maybe they have provided the patch, but it's not yet available for free users.
