WordPress xss

Vulnerability Found in Multiple Stored XSS Form in WordPress Version 1.2.5

Comodo’s Web Security Team discovered a vulnerability in WordPress ‘Multiple Stored XSS Formula’ version 1.2.5. This vulnerability could be used to steal personal data. This was due to poor sanitization. The values were not properly validated or escaped.

Although there are risks associated with any XSS vulnerability, this vulnerability has stored XSS. This vulnerability is most dangerous to users of MondulaMulti Step Form Plugin up to 1.2.5 on CDN for WordPress. Users who feel they may have been vulnerable to this vulnerability are advised to upgrade to the most current version of the plugin.

The Multi Step Form plugin allows for drag and drops functionality and a form builder. This makes it easy to create multi-step forms that look great. You can embed forms on any page or post by using shortcodes. This vulnerability can be exploited by a remote attacker who executes JavaScript code via Reflected XSS attacks.

Classification

Type: Improper neutralization of input during web page generation (‘Cross-site scripting’)

CWE: 79

The Proof of Concept

There are multiply stored and reflected XSS vulnerabilities in file class-module-multistep-forms-admin.php in fw_wizard_save action. This is due to unfiltered user input using the following parameters:

This vulnerability can only be exploited with authentication

Example:

Enter payload and save in Multi-step form. The values are passed via Ajax a+’ http://localhost/word496/wp-admin/admin-ajax.php

Code differences

The sanitized data is missing in this instance, so the values were not properly validated or escaped. To avoid XSS, sanitize the affected vectors. Below is the corrected code:

How to protect yourself before patching:

Comodo’s Web Application Firewall (CWAF offers powerful protection for websites and web applications running on Apache, LiteSpeed, and Nginx Linux. CWAF supports ModSecurity rules for advanced filtering, security, and intrusion protection.