XSS Bug Discovered in SEO Press WordPress Plugin – Allows Site Takeover!


A stored cross-site scripting (XSS) vulnerability in the SEO Press WordPress plugin could allow attackers to inject arbitrary web scripts into websites, researchers commented.

The bug would allow a number of malicious actions, up to & including full site takeover. The vulnerable plugin is installed on 100,000 websites.

SEO Press is a search engine optimisation (SEO) tool that lets site owners manage SEO metadata, social-media cards, Google Ad settings & more. It’s installed on more than 100,000 sites.

Title & Description

“1 feature the plugin implements is the ability to add a SEO title & description to posts, & this can be done while saving edits to a post or via a newly introduced REST-API endpoint,” researchers at Wordfence stated in a Mon. blog post. “Unfortunately, this REST-API endpoint was insecurely implemented.”

The bug (CVE-2021-34641) allows any authenticated user, like a subscriber, to call the REST route with a valid nonce, & to update the SEO title & description for any post.

Endpoint

“The permissions call-back for the endpoint only verified if the user had a valid REST-API nonce in the request,” according to the posting. “A valid REST-API nonce can be generated by any authenticated user using the rest-nonce WordPress core AJAX action.”

Depending on what an attacker updates the title & description to, it would allow a number of malicious actions, up to and including full site takeover, researchers observed.

“The payload could include malicious web scripts, like JavaScript, due to a lack of sanitisation or escaping on the stored parameters,” they wrote.

Web Scripts

“These web scripts would then execute any time a user accessed the ‘All Posts’ page. As always, cross-site scripting vulnerabilities such as this one can lead to a variety of malicious actions like new administrative account creation, webshell injection, arbitrary redirects and more.

This vulnerability could easily be used by an attacker to take over a WordPress site.”

To protect their websites, users should upgrade to version 5.0.4 of SEOPress.
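The 2 controls whose absence the researchers describe, a per-post capability check in the permissions call-back & sanitising/escaping of the stored values, look like this in a WordPress REST route. This is an added example, not SEOPress's code; the namespace, route, meta keys & column id are hypothetical.

```php
<?php
// Added illustration. The namespace, route, meta keys and column id are hypothetical.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/posts/(?P<id>\d+)/meta', array(
        'methods'  => 'PUT',
        'callback' => 'example_seo_update_meta',
        // Weak pattern from the article: a nonce-only check, which any
        // logged-in user (even a subscriber) can satisfy:
        //   return (bool) wp_verify_nonce( $nonce, 'wp_rest' );
        // Hardened: the caller must be allowed to edit this specific post.
        'permission_callback' => function ( WP_REST_Request $request ) {
            return current_user_can( 'edit_post', (int) $request['id'] );
        },
        // Sanitise on input: tags are stripped before the handler runs.
        'args' => array(
            'title'       => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_text_field' ),
            'description' => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_textarea_field' ),
        ),
    ) );
} );

function example_seo_update_meta( WP_REST_Request $request ) {
    $post_id = (int) $request['id'];
    if ( ! get_post( $post_id ) ) {
        return new WP_Error( 'example_seo_no_post', 'Post not found.', array( 'status' => 404 ) );
    }
    $map = array( 'title' => '_example_seo_title', 'description' => '_example_seo_desc' );
    foreach ( $map as $param => $meta_key ) {
        if ( $request->has_param( $param ) ) {
            // wp_slash() because update_post_meta() unslashes its input.
            update_post_meta( $post_id, $meta_key, wp_slash( $request->get_param( $param ) ) );
        }
    }
    return rest_ensure_response( array( 'updated' => true ) );
}

// Escape on output as well, so a value stored before the fix (or written
// by other code) still renders as text in the "All Posts" list table.
add_filter( 'manage_posts_columns', function ( $columns ) {
    $columns['example_seo_title'] = 'SEO title';
    return $columns;
} );
add_action( 'manage_posts_custom_column', function ( $column, $post_id ) {
    if ( 'example_seo_title' === $column ) {
        echo esc_html( get_post_meta( $post_id, '_example_seo_title', true ) );
    }
}, 10, 2 );
```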

Issues Persist

Vulnerabilities in WordPress plugins remain fairly common. For example, in July, 6 critical flaws were disclosed that affected the WordPress plugin Front File Manager versions 17.1 & 18.2, active on more than 2,000 websites.

Earlier, in March, The Plus Addons for Elementor plugin for WordPress was discovered to contain a critical security vulnerability that attackers can exploit to quickly, easily & remotely take over a website. It was 1st reported as a zero-day bug, & researchers said that it was being actively attacked in the wild.

In Feb., an unpatched, stored XSS security bug was found to potentially affect 50,000 Contact Form 7 Style plugin users.

Orbit Fox

Also, in Jan., researchers warned of 2 vulnerabilities (1 critical) in a WordPress plugin called Orbit Fox that could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.

Also that month, a plugin called PopUp Builder, used by WordPress websites for building pop-up ads for newsletter subscriptions, was found to have a vulnerability that could be exploited by attackers to send out newsletters with custom content or to delete or import newsletter subscribers.
