Security Risk: Medium Exploitation Level: Medium / Requires from none to some privilege DREAD Score: 7.0/10 Vulnerability: Stored XSS Patched Version: 4.8.2 During regular research audits for our Sucuri Firewall (WAF), we discovered a source-based stored Cross-Site Scripting (XSS) vulnerability affecting WordPress 4.8.1. Are You at Risk? The vulnerability requires an account on the victim’s site with the Contributor role – or any account in a WordPress installation with bbPress plugin, as long as it has posting capabilities (if anonymous posting is allowed then no account is needed). All WordPress installations are at risk when these conditions are met. Besides making it possible to hijack the victim’s user account (among other things), if an administrator user is exploited, the entire WordPress installation and underlying server could be fully compromised. The XSS vector can make a call to an external script that performs a Cross-Site Request Forgery (CSRF) attack. By acting in the behalf of an administrator user, an attacker can send authenticated requests to edit the website’s current PHP code, leading to Remote Command Execution (RCE) and complete takeover.
Share This