
[Vulnerability notice] Stored XSS vulnerability in WordPress

Last Updated: Apr 08, 2018

On October 19, 2017, WordPress released a security notice about a stored XSS vulnerability in version 4.8.1. An attacker can leave a comment that contains malicious code on the affected website. When the comment page is opened, the malicious code runs, which allows the attacker to change the website's permissions and plug-ins or even take full control of the website. This vulnerability brings high security risks.

We recommend that you check for the vulnerability and upgrade WordPress to the latest version immediately.

See the following for more information about the vulnerability.


CVE identifier

None

Vulnerability name

WordPress stored XSS vulnerability

Vulnerability rating

High

Vulnerability description

This vulnerability affects WordPress 4.8.1. An unauthorized attacker can exploit it to inject JavaScript attack code into a WordPress comment. Once the administrator logs on and reviews the comment, the JavaScript is triggered. The attacker can then access the backend and control the server by using the theme or plug-in editor. This vulnerability brings high security risks.

Condition and method of exploitation

Remote exploitation

PoC status

Published

Affected scope

  • Affected version: WordPress 4.8.1
  • Unaffected version: WordPress 4.8.2

Vulnerability detection

Check whether any affected version of WordPress is used.
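
One way to run this check across a web root, as an added example that is not part of the original notice: it reads `$wp_version` from each `wp-includes/version.php` and compares it with the versions listed under Affected scope. The function names and the sample directory layout are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Versions as stated in the notice; anything else is reported as "not-listed".
AFFECTED, UNAFFECTED = {"4.8.1"}, {"4.8.2"}
# WordPress core records its release in wp-includes/version.php as $wp_version.
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def read_wp_version(version_php):
    """Return the $wp_version string from a version.php file, or None."""
    try:
        text = Path(version_php).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None
    match = VERSION_RE.search(text)
    return match.group(1) if match else None

def classify(version):
    """Map a version string to the notice's affected/unaffected lists."""
    if version is None:
        return "unknown"
    if version in AFFECTED:
        return "affected"
    if version in UNAFFECTED:
        return "unaffected"
    return "not-listed"

def scan(root):
    """Find WordPress installs under root; return (site_dir, version, status)."""
    results = []
    for path in sorted(Path(root).rglob("version.php")):
        if path.parent.name != "wp-includes":
            continue  # some unrelated version.php, e.g. inside a plug-in
        version = read_wp_version(path)
        site = path.parent.parent.relative_to(root).as_posix()
        results.append((site, version, classify(version)))
    return results

def build_sample_tree(root):
    """Constructed sample layout (not real sites) for the demo."""
    samples = {"shop": "$wp_version = '4.8.1';", "blog": "$wp_version = '4.8.2';",
               "old": "// version line removed"}
    for site, line in samples.items():
        inc = Path(root, site, "wp-includes")
        inc.mkdir(parents=True)
        (inc / "version.php").write_text("<?php\n" + line + "\n", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for site, version, status in scan(tmp):
            print(f"{site:6} {version or '-':8} {status}")
```

An install reported as "unknown" has a `version.php` without a readable `$wp_version` line and needs a manual check.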

How to fix or mitigate

  • Select Update on the backend dashboard of WordPress to upgrade WordPress to the latest official version 4.8.2.

  • Use Alibaba Cloud Security WAF for defense.

Reference

[1]. https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
[2]. https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Information you may want to know

  • What is a stored XSS vulnerability?

    The stored XSS vulnerability is persistent. It can be exploited to inject and store malicious code on the server. On vulnerable web pages, malicious code may be stored in input fields, for example, fields for editing a user profile or posting comments. The code execution is triggered when users visit the vulnerable page. Websites with a stored XSS vulnerability are exposed to worms and cookie theft.

  • What is a reflected XSS vulnerability?

    The reflected XSS vulnerability is non-persistent. It triggers XSS code by inducing visitors to click a malicious link. The code is not stored in any page or content on the server. Websites with a search page are prone to this type of XSS vulnerability.
