Exploitation Level: Easy/Remote
DREAD Score: 6/10
Vulnerability: Stored XSS
Patched Version: bbPress 2.5.9

During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress, which is currently installed on 300,000 live websites, one of them being the popular wordpress.org support forum.

Vulnerability Disclosure Timeline:
April 12th, 2016 – Bug discovered, initial report to the bbPress team
May 2nd, 2016 – bbPress team announces security release
May 3rd, 2016 – Sucuri releases disclosure

Are You At Risk?

This bug is present on every default install of bbPress < 2.5.9, so yes, you're probably at risk. The vulnerability allows any malicious user participating in the forum to insert malicious JavaScript snippets into posts and replies. This is especially dangerous considering the social nature of forums. As a Cross-Site Scripting (XSS) vulnerability, it could allow such a user to hijack other user accounts (administrators, moderators, etc.) and perform actions on their behalf, thereby escalating the attacker's privileges.

Technical Details

All posts and replies are sanitized by the WordPress function wp_kses(), which acts as
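The sanitization step the advisory starts to describe is an allowlist filter: wp_kses() keeps only the tags and attributes on a permitted list and discards everything else, which is the standard defence against stored XSS in user-submitted forum content. The Python sanitizer below is an added example written for this page; it is not wp_kses() itself and not bbPress code, and its allowlist, URL-scheme list and sample forum reply are constructed for illustration. It shows the three things such a filter has to get right to stop stored XSS: drop elements that are not allowed (keeping their text), drop attributes that are not allowed (in particular the on* event handlers), and reject unsafe URL schemes in href/src/cite even when the scheme is disguised with whitespace or control characters, which browsers ignore.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: tag -> attributes permitted on it. Everything else is dropped.
ALLOWED_TAGS = {
    "b": set(), "i": set(), "em": set(), "strong": set(), "p": set(),
    "br": set(), "blockquote": {"cite"}, "a": {"href", "title"},
    "img": {"src", "alt"}, "code": set(), "pre": set(),
}
VOID_TAGS = {"br", "img"}                    # never get a closing tag
URL_ATTRS = {"href", "src", "cite"}          # attributes that must carry a safe URL
SAFE_URL_SCHEMES = {"http", "https", "mailto", ""}   # "" means a relative URL


def _safe_url(value):
    """Reject URLs whose scheme is not on the allowlist (javascript:, data:, ...).

    Browsers strip ASCII whitespace and control characters inside the scheme, so
    'java\\nscript:' still executes; remove them here before inspecting the scheme.
    """
    cleaned = "".join(c for c in value if c.isprintable() and not c.isspace())
    return urlparse(cleaned).scheme.lower() in SAFE_URL_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Single-use parser: feed() the untrusted HTML, then call result()."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def handle_starttag(self, tag, attrs):
        allowed_attrs = ALLOWED_TAGS.get(tag)
        if allowed_attrs is None:
            return  # disallowed element (script, iframe, ...): tag gone, text kept
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in allowed_attrs:
                continue  # drops onclick, onerror, style and anything else not listed
            if name in URL_ATTRS and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)   # <br/> and friends: no separate end tag

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS and tag in self.open_tags:
            while self.open_tags:          # close anything left open inside this tag
                t = self.open_tags.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))   # text is always re-escaped

    def result(self):
        self.close()
        while self.open_tags:              # close tags the author left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(html):
    """Return an allowlist-filtered, well-formed version of untrusted HTML."""
    parser = AllowlistSanitizer()
    parser.feed(html)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample forum reply mixing legitimate markup with XSS attempts.
    reply = ('<p>Thanks! See <a href="https://example.com/docs" title="docs">here</a>.'
             '<script>alert(document.cookie)</script>'
             '<img src="x" onerror="alert(1)">'
             '<a href=" java\nscript:alert(1)">click</a></p>')
    print(sanitize(reply))
```

The parser keeps the visible text of a rejected element so a post is not silently truncated, re-escapes all text and attribute values on output, and closes unbalanced tags so a malicious reply cannot leave an open element that swallows the rest of the page. The scheme check is deliberately an allowlist too: anything that is not http, https, mailto or relative is dropped rather than trying to enumerate dangerous schemes.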