CleanTalk's blog

    Sign up

    Author: Dmitrii I

    • Plugin Security Certification: “FileBird” – Version 5.5: Secure Media Library Management

      Plugin Security Certification: “FileBird” – Version 5.5: Secure Media Library Management

      In the world of WordPress media library management, one aspect that should never be overlooked is security. The “FileBird” plugin, specifically version 5.5, is not only a powerhouse in organizing your media library but also a guardian of your website’s security. In this article, we delve into how this plugin goes above and beyond in securing your media files and proudly earned the coveted “Plugin Security Certification” (PSC).

      Name of PluginFileBird – WordPress Media Library Folders & File Manager
      Version5.5
      DescriptionA powerful plugin that elevates media library management in WordPress, prioritizing security. Features include a clean interface, native icons, smooth drag-and-drop functionality, dynamic gallery options, and advanced sorting capabilities.
      SecuritySuccessfully tested for SQL Injections, XSS Attacks, CSRF Attacks, Authentication Vulnerabilities, Authentication Bypass Vulnerabilities, Privilege Escalation Vulnerabilities, Buffer Overflow Vulnerabilities, Denial-of-Service (DoS) Vulnerabilities, Data Leakage Vulnerabilities, Insecure Dependencies, Code Execution Vulnerabilities, Privilege Escalation Vulnerabilities, File Unauthorized Access Vulnerabilities, Insufficient Injection Protection, and Information Leakage Vulnerabilities.
      CleanTalk CertificationEarned the esteemed “Plugin Security Certification” badge from CleanTalk, highlighting its commitment to security.
      Additional InformationIt’s advisable to verify the most up-to-date information on the plugin developer’s website.
      Plugin Security Certification by CleanTalk

      FileBird: A Secure Media Library Organizer

      FileBird” is more than just a media library organizer; it’s a protector of your website’s assets. It boasts an array of features designed to enhance security:

      • Clean User Interface: “FileBird” presents a user-friendly and intuitive interface, making navigation safe and straightforward.
      • Native Icons: Native icons not only enhance familiarity but also ensure security by relying on proven design principles.
      • Smooth Drag & Drop: The drag-and-drop functionality is not only efficient but also secure, ensuring that your files remain intact during organization.
      • Dynamic Gallery: Dynamic galleries are created with security in mind, ensuring that your media is presented without any vulnerabilities.
      • Advanced Sort Options: Sorting and finding files is a secure process, guaranteeing that your media files are always accessible and protected.

      Enhanced Security Measures

      “FileBird” version 5.5 is dedicated to improving the security of your media files. It facilitates enhanced media library organization with unlimited main folders and subfolders. This organized approach ensures that your media assets are well-protected and easily retrievable, improving overall website security.

      Plugin Security Certification (PSC)

      The security measures implemented in “FileBird” have not gone unnoticed. The plugin has proudly achieved the “Plugin Security Certification” (PSC) from a trusted authority, underlining its dedication to safeguarding your media assets. This certification signifies that “FileBird” adheres to rigorous security standards, providing users with the assurance that their website’s media library is in safe hands.

      Conclusion

      “FileBird” version 5.5 is not just a media library organizer; it’s a security stronghold for your website. Its array of features, combined with enhanced security measures, ensures that your media assets are organized efficiently and protected from vulnerabilities.

      Whether you’re a content creator, a blogger, or a website administrator, “FileBird” simplifies media library management while prioritizing security. With its “Plugin Security Certification” badge, it stands as a testament to its unwavering commitment to your website’s safety.

      Note: The date and certification information may change over time. We recommend verifying the latest details on the plugin developer’s website.

    • CVE-2023-4795 – Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

      CVE-2023-4795 – Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

      While evaluating the plugin, we uncovered a vulnerability that permits the execution of Stored Cross-Site Scripting (XSS) on behalf of a contributor. This vulnerability is exploited by inserting a shortcode into a newly created post, potentially resulting in an account takeover.

      Main info:

      CVECVE-2023-4795
      PluginTestimonial Slider Shortcode
      CriticalHigh
      Publicly PublishedSeptember 25, 2023
      Last UpdatedSeptember 25, 2023
      ResearcherDmtirii Ignatyev
      OWASP TOP-10A7: Cross-Site Scripting (XSS)
      PoCYes
      ExploitWill be later
      Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4795
      https://wpscan.com/vulnerability/b8390b4a-b43f-4bf6-a61b-dfcbc7b2e7a0
      Plugin Security Certification by CleanTalk

      Timeline

      August 24, 2023Plugin testing and vulnerability detection in the Testimonial Slider Shortcode plugin have been completed
      August 24, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
      September 20, 2023The author has released a fix update
      September 25, 2023Registered CVE-2023-4795

      Discovery of the Vulnerability

      During a thorough evaluation of the Testimonial Slider Shortcode plugin, a significant security vulnerability was uncovered. This vulnerability allows for the execution of Stored Cross-Site Scripting (XSS) attacks through the use of a shortcode within a new post. Intriguingly, this security loophole can be exploited by contributors and users with elevated privileges, potentially leading to unauthorized account access.

      Understanding of Stored XSS attack’s

      Stored Cross-Site Scripting (XSS) represents a type of security vulnerability where malicious scripts are inserted into a web application and then stored for future execution when other users interact with the affected content. In the context of this vulnerability, attackers can utilize shortcodes to store and subsequently execute malicious JavaScript code.

      Exploiting the Stored XSS

      Exploiting the Stored XSS vulnerability within the Testimonial Slider Shortcode plugin involves the insertion of malicious code within a shortcode by an attacker with contributor-level privileges or higher. The injected code may include payloads designed to steal user data, impersonate users, or execute actions on behalf of the compromised contributor account. Attackers can create seemingly innocuous posts that, upon viewing, trigger the execution of the malicious script.

      POC shortcode:

      [tss_item text=»Abelson has been an amazing firm to work with. Lorem changed the company.» name=»JOHN SAMPSON LP» link=’” onmouseover=”alert(/XSS/)”‘/]

      This is shortcode which you can add to new post

      Despite the requirement for contributor-level privileges, CVE-2023-4795 poses substantial risks. An attacker who successfully exploits this vulnerability can:

      • Execute arbitrary code within the context of other users’ browsers.
      • Pilfer sensitive data such as cookies or session information.
      • Gain unauthorized access to the compromised contributor’s account.
      • Assume the identity of contributors to carry out nefarious actions on the website.

      In a real-world scenario, envision an attacker leveraging this vulnerability to compromise a contributor’s account on a website employing the Testimonial Slider Shortcode plugin. By embedding a malicious shortcode in a seemingly harmless post, they can execute an XSS attack on anyone who views the manipulated content. This could result in unauthorized account access, data breaches, and harm to the website’s reputation.

      Recommendations for Improved Security

      To mitigate the risks posed by CVE-2023-4795 and enhance the overall security of WordPress websites employing the Testimonial Slider Shortcode plugin, consider the following recommendations:

      • Plugin updates: Ensure the Testimonial Slider Shortcode plugin is kept up to date, specifically to version 1.1.9 or later, which should contain a patch addressing this vulnerability.
      • Input validation and sanitization: Developers should implement stringent input validation and data sanitization to prevent the injection of malicious code through shortcodes or other user inputs.
      • Least privilege principle: Restrict the capabilities and permissions of contributors and other user roles to minimize the potential impact of a compromised account.
      • Regular security assessments: Routinely conduct security audits and penetration testing to proactively identify and address vulnerabilities.
      • User education: Educate contributors and administrators about potential security threats and best practices for securely using and managing plugins and shortcodes.

      By adhering to these recommendations, website administrators can significantly reduce the risk of Stored XSS attacks and enhance the overall security posture of their WordPress installations, even for vulnerabilities that may require contributor-level privileges.

      #WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability

      Use CleanTalk solutions to improve the security of your website

      Dmitrii i.

      If you think your website is infected and you need help, contact us for malware cleanup. Our specialists will provide you with professional assistance in cleaning your website from malware.


      Check my website

    • CVE-2023-4725 – Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

      CVE-2023-4725 – Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

      During testing, a vulnerability was found that allows, through changing the settings, to implement Stored XSS on all pages where there is a mention of the plugin. This vulnerability is available on behalf of the administrator and allows you to leave javascript “backdoor” when capturing an administrative account, which will allow account takeover. Unfiltered_html capability is prohibited

      Main info:

      CVECVE-2023-4725
      PluginSimple Posts Ticker
      CriticalMedium
      Publicly PublishedSeptember 25, 2023
      Last UpdatedSeptember 25, 2023
      ResearcherDmtirii Ignatyev
      OWASP TOP-10A7: Cross-Site Scripting (XSS)
      PoCYes
      ExploitWill be later
      Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4725
      https://wpscan.com/vulnerability/e9b9a594-c960-4692-823e-23fc60cca7e7
      Plugin Security Certification by CleanTalk

      Timeline

      August 21, 2023Plugin testing and vulnerability detection in the Simple Posts Ticker plugin have been completed
      August 21, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
      September 18, 2023The author has released a fix update
      September 25, 2023Registered CVE-2023-4725

      Discovery of the Vulnerability

      During the process of comprehensive security testing, a critical vulnerability was unearthed in the Simple Posts Ticker plugin, specifically a Stored Cross-Site Scripting (XSS) flaw. This vulnerability enables an attacker to execute malicious code, impersonating an administrator, by manipulating the plugin’s settings. Despite requiring administrator-level privileges, this vulnerability still poses a significant threat to website security.

      Understanding of Stored XSS attack’s

      Stored Cross-Site Scripting (XSS) is a type of security vulnerability where malicious scripts are injected into a web application and subsequently stored for later execution when unsuspecting users access the affected content. In the context of this vulnerability, an attacker can leverage the plugin’s settings to store and execute malicious JavaScript code.

      Exploiting the Stored XSS

      Exploiting the Stored XSS vulnerability in the Simple Posts Ticker plugin requires administrator-level access to manipulate the plugin’s settings. An attacker can insert malicious code, such as JavaScript payloads, into the settings fields. When the settings are saved, the malicious code is stored and executed whenever the administrator interacts with the plugin, potentially leading to the compromise of their account.

      POC:

      3px;”><img src=x onerror=alert(1)>

      Despite the need for administrator privileges to exploit CVE-2023-4725, the potential risks associated with this vulnerability are severe. An attacker who successfully compromises an administrative account through this Stored XSS flaw can:

      • Gain unauthorized access to sensitive website functions.
      • Modify content, settings, and configurations.
      • Create “backdoors” in the form of JavaScript code to maintain control.
      • Launch further attacks, such as privilege escalation or data theft.

      In a real-world scenario, imagine an attacker exploiting this vulnerability to compromise an administrator’s account on a website that uses the Simple Posts Ticker plugin. They could inject malicious JavaScript code into the plugin’s settings, enabling them to control the administrator’s account and potentially carry out actions that damage the website’s reputation and integrity.

      Recommendations for Improved Security

      To mitigate the risk posed by CVE-2023-4725 and enhance the overall security of WordPress websites using the Simple Posts Ticker plugin, the following recommendations should be followed:

      • Update the plugin: Ensure the Simple Posts Ticker plugin is updated to the latest version (1.1.6 or higher), which should contain a patch addressing this vulnerability.
      • Input validation and sanitization: Developers should implement rigorous input validation and data sanitization to prevent the injection of malicious code in settings fields.
      • Regular security audits: Conduct routine security audits and penetration testing to identify and rectify vulnerabilities proactively.
      • Least privilege principle: Limit the capabilities and permissions of administrator accounts to reduce the potential damage caused by a compromised administrative account.
      • User awareness and education: Educate administrators about potential security threats and best practices for securely configuring and managing plugins.

      By adhering to these recommendations, website administrators can significantly reduce the risk of Stored XSS attacks and enhance the overall security posture of their WordPress installations, even for vulnerabilities requiring administrator privileges.

      #WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #MediumVulnerability

      Use CleanTalk solutions to improve the security of your website

      Dmitrii i.

      If you think your website is infected and you need help, contact us for malware cleanup. Our specialists will provide you with professional assistance in cleaning your website from malware.


      Check my website

    • CVE-2023-4646 – Simple Posts Ticker < 1.1.6 - Contributor + Stored XSS via shortcode

      CVE-2023-4646 – Simple Posts Ticker < 1.1.6 - Contributor + Stored XSS via shortcode

      While examining the plugin during the testing phase, we uncovered a vulnerability that enables the execution of Stored Cross-Site Scripting (XSS) attacks, accomplished by incorporating a shortcode into a new post. This vulnerability has the potential to lead to the compromise of user accounts, particularly those of contributors.

      Main info:

      CVECVE-2023-4646
      PluginSimple Posts Ticker
      CriticalHigh
      Publicly PublishedSeptember 25, 2023
      Last UpdatedSeptember 25, 2023
      ResearcherDmtirii Ignatyev
      OWASP TOP-10A7: Cross-Site Scripting (XSS)
      PoCYes
      ExploitWill be later
      Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4646
      https://wpscan.com/vulnerability/c34f8dcc-3be6-44ad-91a4-7c3a0ce2f9d7
      Plugin Security Certification by CleanTalk

      Timeline

      August 18, 2023Plugin testing and vulnerability detection in the Simple Posts Ticker plugin have been completed
      August 18, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
      September 18, 2023The author has released a fix update
      September 25, 2023Registered CVE-2023-4646

      Discovery of the Vulnerability

      While conducting an extensive plugin security assessment, a critical vulnerability was uncovered in the Simple Posts Ticker plugin. Specifically, this vulnerability allows an attacker to execute Stored Cross-Site Scripting (XSS) attacks by utilizing a shortcode within a new post. Importantly, this flaw can be exploited by contributors or users with higher privileges and could potentially lead to unauthorized account access.

      Understanding of Stored XSS attack’s

      Stored Cross-Site Scripting (XSS) is a type of security vulnerability where malicious scripts are inserted into a web application and stored for later execution when accessed by other users. In the context of this vulnerability, attackers can leverage shortcodes to store and execute malicious JavaScript code.

      Exploiting the Stored XSS

      Exploiting the Stored XSS vulnerability within the Simple Posts Ticker plugin necessitates the insertion of malicious code within a shortcode by an attacker with contributor-level or higher privileges. The inserted code can include payloads designed to steal user data, impersonate users, or execute actions on behalf of the compromised contributor account. Attackers can create deceptive posts that, when viewed, execute the malicious script.

      POC shortcode:

      [spt-posts-ticker label_text_size=’” onmouseover=”alert(/XSS/)”‘ label_text=”123123″]

      This is shortcode which you can add to new post

      Despite requiring contributor-level privileges, CVE-2023-4646 poses significant risks. An attacker who successfully exploits this vulnerability can:

      • Execute arbitrary code within the context of other users’ browsers.
      • Steal sensitive data like cookies or session information.
      • Gain unauthorized access to the compromised contributor’s account.
      • Impersonate contributors to perform malicious actions on the website.

      In a real-world scenario, envision an attacker leveraging this vulnerability to compromise a contributor’s account on a website employing the Simple Posts Ticker plugin. By embedding a malicious shortcode in a seemingly innocuous post, they can execute an XSS attack on anyone who views the manipulated content. This could result in unauthorized account access, data breaches, and damage to the website’s reputation.

      Recommendations for Improved Security

      To mitigate the risks posed by CVE-2023-4646 and bolster the overall security of WordPress websites utilizing the Simple Posts Ticker plugin, consider the following recommendations:

      • Plugin updates: Ensure the Simple Posts Ticker plugin is kept up to date, specifically to version 1.1.6 or later, which should contain a patch addressing this vulnerability.
      • Input validation and sanitization: Developers should implement rigorous input validation and data sanitization to prevent the injection of malicious code through shortcodes or other user inputs.
      • Least privilege principle: Restrict the capabilities and permissions of contributors and other user roles to minimize the potential impact of a compromised account.
      • Routine security assessments: Regularly conduct security audits and penetration testing to proactively identify and address vulnerabilities.
      • User education: Educate contributors and administrators about potential security threats and best practices for securely using and managing plugins and shortcodes.

      By adhering to these recommendations, website administrators can significantly reduce the risk of Stored XSS attacks and enhance the overall security posture of their WordPress installations, even for vulnerabilities that may require contributor-level privileges.

      #WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability

      Use CleanTalk solutions to improve the security of your website

      Dmitrii i.

      If you think your website is infected and you need help, contact us for malware cleanup. Our specialists will provide you with professional assistance in cleaning your website from malware.


      Check my website

    • CVE-2023-4798 – User Avatar – Reloaded < 1.2.2 - Contributor+ Stored XSS

      CVE-2023-4798 – User Avatar – Reloaded < 1.2.2 - Contributor+ Stored XSS

      During the plugin’s testing phase, a vulnerability was identified that enables the execution of Stored XSS by an attacker who embeds a shortcode in a new post, potentially leading to an account takeover.

      Main info:

      CVECVE-2023-4798
      PluginUser Avatar – Reloaded
      CriticalHigh
      Publicly PublishedSeptember 25, 2023
      Last UpdatedSeptember 25, 2023
      ResearcherDmtirii Ignatyev
      OWASP TOP-10A7: Cross-Site Scripting (XSS)
      PoCYes
      ExploitWill be later
      Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4798
      https://wpscan.com/vulnerability/273a95bf-39fe-4ba7-bc14-9527acfd9f42
      Plugin Security Certification by CleanTalk

      Timeline

      August 22, 2023Plugin testing and vulnerability detection in the User Avatar – Reloaded access plugin have been completed
      August 22, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
      September 22, 2023The author has released a fix update
      September 25, 2023Registered CVE-2023-4798

      Discovery of the Vulnerability

      While conducting a security assessment of the User Avatar – Reloaded plugin, a critical vulnerability was identified. This vulnerability allows for the execution of Stored Cross-Site Scripting (XSS) attacks, carried out on behalf of a contributor-level user by embedding a malicious shortcode within a new post. This security flaw poses a significant threat as it enables attackers to gain control over user accounts and potentially compromise the integrity of the website.

      Understanding of Stored XSS attack’s

      Stored Cross-Site Scripting (XSS) is a type of security vulnerability that occurs when an application does not properly validate and sanitize user inputs. It allows an attacker to inject malicious scripts into a website, which are then stored and executed when other users view the affected content. This can lead to a range of malicious actions, including data theft, session hijacking, or even complete website compromise.

      Exploiting the Stored XSS

      Exploiting the Stored XSS vulnerability in the User Avatar – Reloaded plugin involves an attacker with contributor-level access inserting malicious code within a shortcode. This code can include payloads designed to steal user cookies, impersonate users, or perform actions on behalf of the compromised contributor account. Attackers can craft convincing phishing attempts, potentially leading to the compromise of sensitive data and accounts.

      POC shortcode:

      [avatar user=”admin” size=”96″ align=”left” link=’” onmouseover=”alert(/XSS/)”‘ /]

      This is shortcode which you can add to new post

      The potential risks associated with CVE-2023-4798 are substantial. An attacker could compromise the accounts and privacy of contributors and potentially escalate their access to perform more malicious actions. This could include posting harmful content, stealing user data, or manipulating website functionality.

      In a real-world scenario, imagine an attacker gaining access to a contributor-level account on a website using the User Avatar – Reloaded plugin. By embedding a malicious shortcode in a post, they can target and compromise the accounts of unsuspecting users who view the manipulated content. This could lead to unauthorized access, data breaches, and a loss of trust in the website’s security.

      Recommendations for Improved Security

      To mitigate the risk posed by CVE-2023-4798 and enhance the overall security of WordPress websites using the User Avatar – Reloaded plugin, the following recommendations should be considered:

      • Update the plugin: Website administrators should promptly update the User Avatar – Reloaded plugin to version 1.2.2 or later, which should include a patch to address this vulnerability.
      • Input validation: Developers should implement robust input validation and output encoding to prevent malicious code injection through shortcodes or other user inputs.
      • User privilege management: Limit contributors’ capabilities and restrict access to critical functionalities, reducing the potential damage caused by compromised contributor accounts.
      • Regular security audits: Conduct routine security audits and penetration testing on your WordPress website to identify and address vulnerabilities proactively.
      • User awareness and education: Train contributors and administrators to recognize potential security threats, emphasizing the importance of safe shortcode usage and adherence to security best practices.

      By following these recommendations, website owners can significantly reduce the risk of Stored XSS attacks and enhance the overall security posture of their WordPress installations.

      #WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability

      Use CleanTalk solutions to improve the security of your website

      Dmitrii i.

      If you think your website is infected and you need help, contact us for malware cleanup. Our specialists will provide you with professional assistance in cleaning your website from malware.


      Check my website

    • CVE-2023-4933 – WP Job Openings < 3.4.3 – Sensitive Data Exposure via Directory Listing

      CVE-2023-4933 – WP Job Openings < 3.4.3 – Sensitive Data Exposure via Directory Listing

      During testing, a critical vulnerability was discovered in the plugin, namely a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.

      Main info:

      CVECVE-2023-4933
      PluginWP Job Openings
      CriticalHigh
      Publicly PublishedSeptember 25, 2023
      Last UpdatedSeptember 25, 2023
      ResearcherDmtirii Ignatyev
      OWASP TOP-10A3: Sensitive Data Exposure
      PoCYes
      ExploitWill be later
      Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4933
      https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7
      Plugin Security Certification by CleanTalk

      Timeline

      September 13, 2023Plugin testing and vulnerability detection in the WP Job Openings access plugin have been completed
      September 13, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
      September 20, 2023The author has released a fix update
      September 25, 2023Registered CVE-2023-4933

      Discovery of the Vulnerability

      While conducting a comprehensive security assessment of the WP Job Openings plugin, a critical vulnerability was identified in its Directory Listings system. This vulnerability allows unauthorized users to access and download private files belonging to other users. This security flaw is of utmost concern as it enables attackers to gain access to sensitive data and files without any authorization.

      Understanding of Directory Listing attack’s

      Directory Listing, in the context of web servers, refers to the practice of displaying the contents of a directory when an index file (like index.html or index.php) is absent. Without proper security measures in place, this can lead to unintended exposure of files and directories to anyone who accesses the directory through a web browser. For example, if an attachment directory doesn’t have an index file and the web server’s autoindex feature is enabled, it may display a list of files and directories to visitors.

      Imagine a scenario where the WP Job Openings plugin stores attachments related to job applications in a directory without proper access controls or an index file. If an attacker knows or guesses the directory’s path, they can easily view and download attachments submitted by other users.

      Exploiting the Directory Listing

      Exploiting the Directory Listing vulnerability in WP Job Openings requires little technical skill. An attacker needs to:

      • Identify the target directory where attachments are stored, often through educated guesses or publicly available information.
      • Use a web browser to access the directory directly.
      • If the directory listing is enabled and lacks proper access controls, the attacker can view and download files belonging to other users.

      This straightforward process allows attackers to access private attachments and potentially expose sensitive information, such as resumes, cover letters, and personal details submitted by job applicants.

      POC:

      1. You can find directory listing inside this URL http://your_site/wordpress/wp-content/uploads/awsm-job-openings/2023/09/

      Potential Risks and Real-World Impact

      The potential risks associated with CVE-2023-4933 are substantial. An attacker could compromise the privacy and confidentiality of job applicants by accessing their personal documents. In addition, sensitive corporate data, including resumes, contact information, and internal job-related documents, may also be exposed.

      In a real-world scenario, consider an attacker who accesses a directory storing job application attachments through the vulnerability in the WP Job Openings plugin. They may use the gathered information for malicious purposes, such as identity theft, spear-phishing, or selling sensitive data on the dark web. Furthermore, if the affected organization handles highly regulated data (e.g., personal health information or financial records), this exposure could lead to legal and compliance issues.

      Recommendations for Improved Security

      To mitigate the risk posed by CVE-2023-4933 and enhance the overall security of WordPress websites using the WP Job Openings plugin, the following recommendations should be followed:

      1. Update the plugin: Website administrators should promptly update the WP Job Openings plugin to version 3.4.3 or later, which should include a patch to address this vulnerability.
      2. Implement access controls: Developers should configure proper directory permissions and access controls to prevent unauthorized directory listings and file access.
      3. Disable directory listing: Ensure that directory listing is disabled in the web server’s configuration, especially for directories containing sensitive data.
      4. Security monitoring: Implement continuous security monitoring to detect and respond to potential vulnerabilities or attacks promptly.
      5. Regular audits: Perform routine security audits and penetration testing to identify and address security weaknesses in WordPress plugins and themes.

      By following these recommendations, website owners can significantly reduce the risk of sensitive data exposure through directory listings and enhance the overall security posture of their WordPress installations.

      #WordPressSecurity #DirectoryListing #WebsiteSafety #StayProtected #HighVulnerability

      Use CleanTalk solutions to improve the security of your website

      Dmitrii i.

      If you think your website is infected and you need help, contact us for malware cleanup. Our specialists will provide you with professional assistance in cleaning your website from malware.


      Check my website

    • CVE-2023-4289 – WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

      CVE-2023-4289 – WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

      In the process of testing the plugin, a vulnerability was found that allows you to implement Stored XSS on behalf of the contributor by embedding the shortcode in a new post, which entails account takeover

      Main info:

      CVECVE-2023-4289
      PluginWP Matterport Shortcode
      CriticalHigh
      Publicly PublishedSeptember 25, 2023
      Last UpdatedSeptember 25, 2023
      ResearcherDmtirii Ignatyev
      OWASP TOP-10A7: Cross-Site Scripting (XSS)
      PoCYes
      ExploitWill be later
      Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4289
      https://wpscan.com/vulnerability/38c337c6-048f-4009-aef8-29c18afa6fdc
      Plugin Security Certification by CleanTalk

      Timeline

      August 7, 2023Plugin testing and vulnerability detection in the WP Matterport Shortcode plugin have been completed
      August 7, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
      September 20, 2023The author has eliminated the vulnerability and patched his plugin
      September 25, 2023Registered CVE-2023-4289

      Discovery of the Vulnerability

      During the process of plugin testing, a vulnerability was uncovered in WP Matterport Shortcode. This vulnerability allows for the execution of Stored Cross-Site Scripting (XSS) attacks, carried out on behalf of a contributor-level user by embedding a malicious shortcode within a new post. This security flaw could potentially lead to account takeover and poses a significant threat to website security.

      Understanding Cross-Site Scripting (XSS)

      Stored Cross-Site Scripting (XSS) is a type of security vulnerability that occurs when an application does not properly validate user inputs and subsequently renders malicious scripts within a web page or application. In the context of this vulnerability, a contributor can inject harmful code via a shortcode that remains stored on the website server. When unsuspecting users view the compromised content, the malicious script is executed within their browsers, allowing attackers to steal sensitive information, impersonate users, or carry out other malicious actions.

      Exploiting the Stored Cross-Site Scripting (XSS) vulnerability

      Exploiting the Stored XSS vulnerability in WP Matterport Shortcode involves an attacker with contributor-level access inserting malicious code within a shortcode. This code could include payloads to steal user cookies, redirect users to malicious websites, or perform actions on behalf of the compromised contributor account. Attackers can craft convincing phishing attempts, compromising the security and trustworthiness of the affected website.

      POC shortcode:

      [matterport cols=”3″ src=”https://wordpress.org/plugins/shortcode-gallery-for-matterport-showcase/uKDy9xrMRCi,wV4vX743ATF” width=’900 ” onmouseover=”alert(12312123312)’]

      This shortcode can be inserted into a new post

      Potential Risks and Real-World Impact

      The potential risks associated with this vulnerability are significant. An attacker could use the compromised contributor account to post malicious content or links, thereby damaging the reputation of the website. Furthermore, if the compromised contributor has higher privileges, the attacker may escalate their access to perform more malicious actions, such as deleting content or gaining administrative control.

      In a real-world scenario, a contributor’s account could be taken over by an attacker who injects a rogue shortcode into a post. Unsuspecting visitors to the site may then fall victim to the XSS attack, leading to a breach of their personal data or exposure to harmful content.

      1. Unauthorized Data Access:
        Attackers could exploit the XSS vulnerability to steal sensitive user data, such as login credentials or personal information.
      2. Cookie Theft:
        Malicious scripts could hijack user cookies, leading to unauthorized access to user accounts or session hijacking. After account takeover attacker can insert malicious PHP code on page and it will be RCE.
      3. Malicious Content Distribution:
        Attackers might use the vulnerability to inject harmful content or links into the website, potentially damaging the site’s reputation or spreading malware.

      Recommendations for Improved Security

      To mitigate the risks associated with this vulnerability and enhance overall security, the following measures are strongly advised:

      • Update to the latest version:
        Website administrators should ensure that the WP Matterport Shortcode plugin is updated to the latest patched version, as the vendor may have already addressed this vulnerability.
      • Input Validation and Escaping:
        Plugin developers must implement robust input validation and escaping mechanisms to ensure that all user-generated content, including shortcodes, is properly sanitized before rendering on the page.
      • Regular Security Audits:
        Conduct regular security assessments and penetration tests on WordPress installations to identify and remediate potential vulnerabilities proactively.
      • User Privilege Restriction:
        Implement strict access controls to ensure that users can only access information that they are authorized to view based on their roles and permissions.
      • User Awareness:
        Educate website administrators and users about the risks of sharing sensitive information and the importance of strong, unique passwords.

      By following these recommendations, website owners can reduce the risk of XSS attacks and enhance the overall security posture of their WordPress installations.

      Use CleanTalk solutions to improve the security of your website

      Dmitrii i.

      If you think your website is infected and you need help, contact us for malware cleanup. Our specialists will provide you with professional assistance in cleaning your website from malware.


      Check my website

    • Plugin Security Certification: “WP Reset” – Version 1.97: Fortifying WordPress Security

      Plugin Security Certification: “WP Reset” – Version 1.97: Fortifying WordPress Security

      In the realm of WordPress development, security is paramount. Enter the “WP Reset” plugin, specifically version 1.97, which stands as a testament to the importance of safeguarding your WordPress site against vulnerabilities. In this article, we delve into how this plugin not only empowers users to reset their website but does so with a heightened focus on security, earning it the coveted “Plugin Security Certification” badge from CleanTalk.

      Name of PluginWP Reset – Most Advanced WordPress Reset Tool
      Version1.97
      DescriptionA powerful plugin that provides advanced site database resetting in WordPress while prioritizing security.
      SecurityBoasts robust security measures, including snapshots for one-click restoration and fail-safe mechanisms to prevent data loss.
      CleanTalk CertificationEarned the esteemed “Plugin Security Certification” badge from CleanTalk, highlighting its commitment to security.
      Additional InformationUsers are encouraged to update to the latest version for enhanced security.
      Plugin Security Certification by CleanTalk

      Understanding WP Reset’s Security Measures

      WP Reset” is more than just a reset tool; it’s a guardian of your WordPress site’s security. It allows you to reset your site’s database to its default installation values without altering any core files. This core principle ensures that your website remains unscathed while providing the much-needed reset functionality.

      Robust Security Features

      What sets “WP Reset” apart is its unwavering commitment to security. It incorporates several key security features:

      • Built-in Snapshots: “WP Reset” introduces the concept of snapshots, offering a one-click restore function. Snapshots serve as checkpoints, allowing you to revert to previous states of your site effortlessly. This feature not only enhances convenience but also ensures that your data is never at risk.
      • Fail-Safe Mechanisms: Multiple fail-safe mechanisms are in place, preventing accidental data loss. Whether you’re a novice or an experienced developer, “WP Reset” guarantees that you won’t unintentionally jeopardize your website’s data.

      The Significance of “Plugin Security Certification”

      “WP Reset” has garnered recognition in the form of the “Plugin Security Certification” badge from CleanTalk. This certification is a testament to the plugin’s unwavering commitment to security. It signifies that “WP Reset” adheres to stringent security standards, assuring users of its reliability and trustworthiness.

      Why WP Reset Is Essential for WordPress Security

      The “WP Reset” plugin version 1.97 stands as a formidable ally in the battle against WordPress vulnerabilities. Its security measures make it indispensable for:

      • Developers: By offering a clean slate, “WP Reset” streamlines development, ensuring that developers work with confidence and efficiency.
      • Testers: For those tasked with testing themes, plugins, or customizations, “WP Reset” simplifies the process, allowing for thorough evaluation without the risk of data loss.

      Conclusion

      “WP Reset” version 1.97 isn’t just a reset tool; it’s a security stronghold. Its ability to reset your site while safeguarding your data has earned it the “Plugin Security Certification” badge from CleanTalk. Whether you’re a developer, a tester, or a WordPress enthusiast, “WP Reset” ensures that you can confidently experiment and develop, knowing that your site’s security is in safe hands.

      With its advanced security features and one-click restoration capabilities, “WP Reset” provides peace of mind in an ever-evolving WordPress landscape.

      Note: The date and certification information may change over time. We recommend verifying the latest details on the plugin developer’s website.

    • Improving Security on WordPress with CleanTalk HTTP Response Headers

      Improving Security on WordPress with CleanTalk HTTP Response Headers

      Securing your WordPress website is a critical aspect of website maintenance. In this article, we will explore how using the “Send additional HTTP headers” option from CleanTalk can help bolster your site’s security. We’ll delve into three crucial HTTP headers: “X-Content-Type-Options,” “X-XSS-Protection,” and “Strict-Transport-Security.” We will understand how they work and the benefits they bring to your site’s security.

      1. Header “X-Content-Type-Options”

      What Is It?

      The “X-Content-Type-Options” header is a mechanism designed to prevent certain types of attacks related to file types on your site.

      How Does It Work?

      This header, with the “nosniff” parameter, instructs the browser to strictly adhere to the Content-Type specified in the header. If the browser detects a mismatch between the actual file type and the one specified in the header, it can block script execution and prevent the download of potentially malicious files.

      Benefits for Your Site

      Setting the “X-Content-Type-Options” header with the “nosniff” parameter helps prevent attacks such as MIME-type attacks and drive-by downloads, safeguarding your users from potentially harmful files.

      2. Header “X-XSS-Protection”

      What Is It?

      The “X-XSS-Protection” header is designed to combat cross-site scripting (XSS) attacks.

      How Does It Work?

      This header enables built-in protection against XSS in modern browsers. If the browser detects a potentially malicious script on a page, it can automatically prevent its execution.

      Benefits for Your Site

      The “X-XSS-Protection” header helps protect your site and users from XSS attacks by preventing the injection of malicious scripts, thus keeping data secure.

      3. Header “Strict-Transport-Security”

      What Is It?

      The “Strict-Transport-Security” (HSTS) header ensures your site’s data is secure during transmission.

      How Does It Work?

      HSTS requires the browser to establish only secure (HTTPS) connections with your site, even if a user attempts to connect via insecure HTTP. This prevents attacks related to data interception.

      Benefits for Your Site

      Utilizing the “Strict-Transport-Security” header helps ensure the security of your site’s data and protects users from potential attacks associated with data interception.

      Conclusion

      Configuring HTTP headers on your WordPress site using the “Send additional HTTP headers” option from CleanTalk can significantly enhance your site’s security. The “X-Content-Type-Options,” “X-XSS-Protection,” and “Strict-Transport-Security” headers provide robust protection mechanisms against various types of attacks. Remember to stay updated and regularly assess your site’s security to ensure reliability and protection for your users.

      If you are seeking solutions to enable security headers and safeguard your website, look no further than Security by CleanTalk. Elevate your WordPress security effortlessly with these essential headers by choosing Security by CleanTalk.

      Security by Cleantalk
    • Plugin Security Certification: “File Manager Pro” — Filester Version 1.8.1: Enhanced Security

      Plugin Security Certification: “File Manager Pro” — Filester Version 1.8.1: Enhanced Security

      Security is paramount in the world of WordPress plugins, and we are excited to bring you the latest on the “File Manager Pro — Filester” plugin version 1.8.1. In this article, we delve into the recent security improvements in this plugin, highlighting its enhanced safety. We’ll also touch on a previous vulnerability, CVE-2023-4827, which has now been addressed.

      Name of PluginFile Manager Pro – Filester
      Version1.8.1
      DescriptionAdvanced file manager for managing files and directories in WordPress.
      SecuritySuccessfully tested for SQL Injections, XSS Attacks, CSRF Attacks, Authentication Vulnerabilities, Authentication Bypass Vulnerabilities, Privilege Escalation Vulnerabilities, Buffer Overflow Vulnerabilities, Denial-of-Service (DoS) Vulnerabilities, Data Leakage Vulnerabilities, Insecure Dependencies, Code Execution Vulnerabilities, Privilege Escalation Vulnerabilities, File Unauthorized Access Vulnerabilities, Insufficient Injection Protection, and Information Leakage Vulnerabilities.
      CleanTalk CertificationReceived the “Plugin Security Certification” badge from CleanTalk.
      Additional InformationIt’s advisable to verify the most up-to-date information on the plugin developer’s website.
      Plugin Security Certification by CleanTalk

      “File Manager Pro — Filester” is a versatile WordPress plugin designed to provide a comprehensive file management system within your WordPress dashboard. It empowers users to efficiently upload, organize, and manage files and directories, making it an indispensable tool for website administrators.

      Key features of “File Manager Pro — Filester” include:

      • Easy-to-use file and folder management.
      • Drag-and-drop file uploads.
      • Comprehensive file editing capabilities.
      • Support for various file formats.
      • User-friendly interface.

      Addressing CVE-2023-4827 Vulnerability

      Previously, the “File Manager Pro” plugin was associated with a vulnerability known as CVE-2023-4827, which pertained to Remote Code Execution via CSRF. However, we are pleased to inform you that the plugin developers have been proactive in addressing this issue. With the release of version 1.8.1, the vulnerability CVE-2023-4827 has been thoroughly patched, ensuring that your website remains secure.

      Enhanced Security Measures

      The “File Manager Pro — Filester” plugin version 1.8.1 introduces enhanced security measures to protect your WordPress website. These measures encompass a range of security aspects, including but not limited to:

      • Protection against common web application vulnerabilities.
      • Regular security audits and code reviews.
      • Prompt addressing of reported security concerns.
      • Staying up-to-date with WordPress security best practices.

      Conclusion

      The “File Manager Pro — Filester” plugin version 1.8.1 is now more secure than ever, with the CVE-2023-4827 vulnerability effectively mitigated. Website administrators can confidently utilize this plugin to streamline file management within their WordPress websites. Security remains a top priority, and the plugin’s developers are dedicated to maintaining a safe environment for users.

      Please ensure you update to the latest version (1.8.1) to benefit from these security enhancements. As always, we recommend regular updates to keep your WordPress plugins and themes secure.

      Note: The date and version information may change over time. It is advisable to verify the latest details on the plugin developer’s website.