SiteOrigin Widgets Bundle WordPress plugin with over 600,000 installations patched an authenticated saved cross-site scripting (XSS) vulnerability that might permit attackers to add arbitrary information and expose website guests to malicious scripts.
SiteOrigin Widgets Bundle Plugin
The SiteOrigins Widgets plugin, with +600,000 energetic installations, offers a option to simply add a mess of widget features like sliders, carousels, maps, change the way in which weblog posts are displayed, and different helpful webpage parts.
Saved Cross-Web site Scripting Vulnerability
A Cross-Web site Scripting (XSS) vulnerability is a flaw permits a hacker to inject (add) malicious scripts. In WordPress plugins, these sorts of vulnerabilities come up from flaws in how knowledge that’s enter shouldn’t be correctly sanitized (filtered for untrusted knowledge) and likewise from improperly securing output knowledge (known as escaping knowledge).
This specific XSS vulnerability is known as a Saved XSS as a result of the attacker is ready to inject the malicious code to the server. In response to the non-profit Open Worldwide Utility Safety Venture (OWASP), the power to launch an assault straight from the web site makes it significantly regarding.
OWASP describes the saved XSS menace:
“The sort of exploit, often called Saved XSS, is especially insidious as a result of the indirection brought on by the information retailer makes it tougher to determine the menace and will increase the likelihood that the assault will have an effect on a number of customers. “
In an XSS assault, the place a script has efficiently been injected, the attacker sends a dangerous script to an unsuspecting website customer. The consumer’s browser, as a result of it trusts the web site, executes the file. This could permit the attacker to entry cookies, session tokens, and different delicate web site knowledge.
Vulnerability Description
The vulnerability arose due to flaws in sanitizing inputs and escaping knowledge.
The WordPress developer web page for safety explains sanitization:
“Sanitizing enter is the method of securing/cleansing/filtering enter knowledge. Validation is most popular over sanitization as a result of validation is extra particular. However when “extra particular” isn’t attainable, sanitization is the following neatest thing.”
Escaping knowledge in a WordPress plugin is a safety operate that filters out undesirable output.
Each of these features wanted enchancment within the SiteOrigins Widgets Bundle plugin.
Wordfence described the vulnerability:
“The SiteOrigin Widgets Bundle plugin for WordPress is weak to Saved Cross-Web site Scripting through the onclick parameter in all variations as much as, and together with, 1.58.3 because of inadequate enter sanitization and output escaping.”
This vulnerability requires authentication earlier than it may be executed, which implies the attacker wants no less than a contributor degree entry so as to have the ability to launch an assault.
Beneficial motion:
The vulnerability was assigned a medium CVSS severity degree, scoring 6.4/10. Plugin customers ought to contemplate updating to the most recent model, which is model 1.58.5, though the vulnerability was patched in model 1.58.4.
Learn the Wordfence vulnerability advisory:
SiteOrigin Widgets Bundle <= 1.58.3 – Authenticated (Contributor+) Saved Cross-Web site Scripting
