Multiple Stored XSS Vulnerabilities Found in the Multi Step Form WordPress Plugin, Version 1.2.5
Comodo’s Web Security Team discovered multiple stored XSS vulnerabilities in the Mondula Multi Step Form plugin for WordPress, version 1.2.5. These vulnerabilities could be used to steal personal data. The root cause is poor sanitization: submitted values were neither validated on input nor escaped on output.
Although any XSS vulnerability carries risk, this one is stored XSS: the injected markup is saved on the server and executes for every user who later views the affected page. This vulnerability is most dangerous to users of the Mondula Multi Step Form plugin up to version 1.2.5 on CDN for WordPress. Users running an affected version are advised to upgrade to the most current version of the plugin.
Type: Improper neutralization of input during web page generation (‘Cross-site scripting’)
The Proof of Concept
There are multiple stored and reflected XSS vulnerabilities in the file class-module-multistep-forms-admin.php, in the fw_wizard_save action. They are caused by unfiltered user input passed through the following parameters:
This vulnerability can only be exploited with authentication.
Enter the payload in a Multi Step form and save it. The values are submitted via Ajax to http://localhost/word496/wp-admin/admin-ajax.php
Sanitization is missing in this instance, so the values are neither validated nor escaped. To prevent XSS, sanitize the affected input vectors on save and escape them on output. Below is the corrected code:
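The following is an added illustration of the vulnerable pattern the advisory describes and of a hardened handler; it is not the plugin’s actual code or the vendor’s published fix. The action hook, the parameter names (`form_title`, `step_label`), the option name and the nonce name are all assumptions chosen for the example; the sanitization and escaping calls are the standard WordPress API.

```php
<?php
// Added example, not code from the Multi Step Form plugin or from Comodo.
// Shows a hypothetical admin-ajax "save" handler in which raw POST data is
// stored and later echoed unescaped (stored XSS), beside a hardened version
// that validates on input and escapes on output.
// Parameter names, option name and nonce name are assumptions for the example.

// --- Vulnerable pattern: raw POST data stored, raw stored data echoed ---
function vulnerable_wizard_save() {
    // No nonce check, no capability check, no sanitization.
    $data = array(
        'form_title' => $_POST['form_title'],
        'step_label' => $_POST['step_label'],
    );
    update_option( 'example_wizard_data', $data );
    wp_send_json_success( $data );
}

function vulnerable_wizard_render() {
    $data = get_option( 'example_wizard_data', array() );
    // Stored values reach the page unescaped, so any markup that was saved
    // executes in the browser of every user who opens the form editor.
    echo '<h2>' . $data['form_title'] . '</h2>';
    echo '<input type="text" value="' . $data['step_label'] . '">';
}

// --- Hardened pattern: validate on input, escape on output ---
function hardened_wizard_save() {
    // Reject forged requests and callers without the required capability.
    check_ajax_referer( 'example_wizard_nonce', 'security' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // Sanitize each field for the type of value it is expected to hold.
    // wp_unslash() removes the slashes WordPress adds to request data.
    $data = array(
        'form_title' => isset( $_POST['form_title'] )
            ? sanitize_text_field( wp_unslash( $_POST['form_title'] ) ) : '',
        'step_label' => isset( $_POST['step_label'] )
            ? sanitize_text_field( wp_unslash( $_POST['step_label'] ) ) : '',
    );
    update_option( 'example_wizard_data', $data );
    wp_send_json_success( $data );
}

function hardened_wizard_render() {
    $data = get_option( 'example_wizard_data', array() );
    // Escape for the exact output context: HTML body vs. attribute value.
    echo '<h2>' . esc_html( $data['form_title'] ?? '' ) . '</h2>';
    echo '<input type="text" value="' . esc_attr( $data['step_label'] ?? '' ) . '">';
}

// Register only the hardened handler; the vulnerable one is kept for contrast.
add_action( 'wp_ajax_example_wizard_save', 'hardened_wizard_save' );
```

Input sanitization alone is not sufficient: a value that is safe as plain text can still break out of an attribute if it is echoed without `esc_attr()`, so both halves of the fix are needed. The nonce and capability checks are unrelated to the escaping bug but close the authenticated-only attack path the advisory mentions.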
How to protect yourself before patching:
Comodo’s Web Application Firewall (CWAF) offers powerful protection for websites and web applications running on Apache, LiteSpeed, and Nginx on Linux. CWAF supports ModSecurity rules for advanced filtering, security, and intrusion protection.
It is essential to:
- Protect sensitive customer data
- Maintain PCI compliance
- Block unauthorized access
- Guard against SQL injection and Cross-Site Scripting (XSS) attacks