Security Risk: Medium Exploitation Level: Medium / Requires from none to some privilege DREAD Score: 7.0/10 Vulnerability: Stored XSS Patched Version: 4.8.2 During regular research audits for our Sucuri Firewall (WAF), we discovered a source-based stored Cross-Site Scripting (XSS) vulnerability affecting WordPress 4.8.1. Are You at Risk? The vulnerability requires an account on the victim’s site with the Contributor role – or any account in a WordPress installation with bbPress plugin, as long as it has posting capabilities (if anonymous posting is allowed then no account is needed). All WordPress installations are at risk when these conditions are met. Besides making it possible to hijack the victim’s user account (among other things), if an administrator user is exploited, the entire WordPress installation and underlying server could be fully compromised. The XSS vector can make a call to an external script that performs a Cross-Site Request Forgery (CSRF) attack. By acting in the behalf of an administrator user, an attacker can send authenticated requests to edit the website’s current PHP code, leading to Remote Command Execution (RCE) and complete takeover.
Share This

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.