0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WordPress PowerPress 10.0 Cross Site Scripting Vulnerability
Author
Risk
[Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in Blubrry’s PowerPress plugin, which is actively installed on more than 50,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using the plugin’s shortcode. All Wordfence Premium, Wordfence Care, and Wordfence Response customers, as well as those still using the free version of our plugin, are protected against any exploits targeting this vulnerability by the Wordfence firewall’s built-in Cross-Site Scripting protection. We contacted Blubrry on April 6, 2023, and promptly received a response. After providing full disclosure details, the developer released a patch on April 10, 2023. We commend the PowerPress development team for their swift response and timely patch release. We urge users to update their sites with the latest patched version of PowerPress, version 10.0.4 at the time of this writing, as soon as possible. This email content has also been published on our blog and you're welcome to post a comment there if you'd like to join the conversation. Or you can read the full post in this email. Vulnerability Summary From Wordfence Intelligence Title: PowerPress <= 10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Plugin: PowerPress Plugin Slug: powerpress Affected Versions: <= 10.0 CVE ID: CVE-2023-1917 CVSS Severity Score: 5.4 (Medium) CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Researcher: Alex Thomas Fully Patched Version: 10.0.2 Technical Analysis PowerPress is a plugin that allows WordPress users to publish and manage podcasts. It provides a shortcode ([powerpress]) that allows users to display the PowerPress player on a WordPress page. However, insecure implementation of the plugin’s shortcode functionality allows for the injection of arbitrary web scripts into these pages. A closer examination of the code reveals that the ‘powerpress_shortcode_handler’ function did not adequately sanitize user-supplied input and a number of functions (for various podcast player options) that utilize the shortcode attributes did not adequately escape output. The powerpress_shortcode_handler function The powerpress_shortcode_handler function The powerpress_generate_embed function creates an iframe using unescaped shortcode attributes. The powerpress_generate_embed function creates an iframe using unescaped shortcode attributes. This makes it possible for threat actors to carry out stored XSS attacks. Once a script is injected, it will execute each time a user accesses the affected page. Threat actors could potentially steal sensitive information, manipulate site content, or redirect users to malicious websites. Disclosure Timeline April 5, 2023 – Wordfence Threat Intelligence team discovers the stored XSS vulnerability in PowerPress and initiates responsible disclosure. April 6, 2023 – We get in touch with the development team at Blubrry and send full disclosure details. April 7, 2023 – The vendor acknowledges the report and begins working on a fix. April 10, 2023 – The fully patched version, 10.0.1, is released. April 11, 2023 – Wordfence confirms the fix addresses the vulnerability. April 14, 2023 – Blubrry releases an additional patch (version 10.0.2) to address a workaround Conclusion In this blog post, we have detailed a stored XSS vulnerability within the PowerPress plugin affecting versions 10.0 and earlier. This vulnerability allows authenticated threat actors with contributor-level permissions or higher to inject malicious web scripts into pages that execute when a user accesses an affected page. The vulnerability has been fully addressed in version 10.0.2 of the plugin. We encourage WordPress users to verify that their sites are updated to the latest patched version of PowerPress. All Wordfence users, including those running Wordfence Premium, Wordfence Care, and Wordfence Response, as well as sites still running the free version of Wordfence, are fully protected against this vulnerability. If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk. For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard. # 0day.today [2024-11-16] #