Saturday, October 3, 2015

Stored XSS vulnerability in "WordPress plugin" could allow attacker to completely take over site


Researchers with Sucuri have found a XSS vulnerability in the wordpress popular plugin "Jetpack ".

The cross site scripting vulnerability in wordpress plugin allow attacker to completely take the site. The vulnerability lies in the wordpress jetpack plugin version 3.7 or lower.The issue was fixed earlier this week with the release of Jetpack 3.7.1 and 3.7.2

The Jetpack plugin provide various features like website customization, Overview of traffic, Mobile v/s Desktop traffic, content and performance tools.More insecure part is ,millions of site owner still running the older version of Wordpress jetpack plugin.
According to a Sucuri post, published on Thursday, "an attacker can exploit this vulnerability by entering a specially crafted malicious email address into website's contact form pages".
“As the email is not sanitized properly before being output on the ‘Feedback' administrative section, bug allow attacker to execute JavaScript code on the administrator's end and provide full access to attacker on site.

In a Friday, Marc-Alexandre Montpas, vulnerability researcher with Sucuri,that Sucuri has not observed any instances of the stored XSS bug being exploited in the wild. However, he added that attackers may attempt to develop exploits now that the release is out.

According to Montpas, the bug is very easy to exploit.

“As it's a stored XSS bug, the attacker has to wait for an administrator to visit the plugin's Feedback section to silently trigger [the] attack payload,” Montpas said. “If this happens, nothing stops the malicious script from taking control of the site, which is extremely dangerous.”

No comments:

Post a Comment