The vulnerability occurs when the unfiltered_html capability has been disabled (for example on a multisite install, where only super admins hold it, or with DISALLOW_UNFILTERED_HTML set in wp-config.php) but the plugin does not sanitize its own settings to match. WordPress core no longer lets these users post raw HTML, yet the Autoptimize settings values are stored and echoed as submitted. A high-privilege user such as an administrator can therefore save a script payload in a settings field that executes in the browser of anyone who views the affected page (stored cross-site scripting), or save input that breaks the site (denial of service). The following steps show how an administrator could perform the attack through the “Unfiltered HTML” setting of an active plugin or theme:

1. Go to the “Settings” page of the active plugin or theme.

2. Click the “Unfiltered HTML” setting.

3. Type malicious code, such as a script tag, into the setting box.

4. Click “Save”. The payload is stored unchanged and rendered without escaping the next time the setting or the page it affects is displayed.

The fix belongs in the plugin: every settings value must be sanitized on save and escaped on output, and the code must not assume that an administrator holds unfiltered_html. It should check current_user_can( 'unfiltered_html' ) and, when the capability is absent, pass the value through an allow-list filter such as wp_kses_post() instead of storing it raw. Disabling unfiltered_html on its own does not close the hole, because the missing sanitization is exactly what the vulnerability exploits. Site owners should apply any Autoptimize update that adds this sanitization and, in the meantime, keep administrator accounts to a minimum.
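The following PHP is an added example, not Autoptimize's code, showing a WordPress settings field that accepts HTML. The first variant reproduces the flaw described above (no sanitize_callback, value echoed raw); the second saves through wp_kses_post() unless the current user actually holds unfiltered_html, and escapes on output. The option name demo_custom_markup, the option group and the function names are hypothetical.

```php
<?php
// Added example (not from Autoptimize): a settings field that stores admin-supplied
// markup. Option name, option group and function names are hypothetical.

// --- Vulnerable pattern: stored as submitted, printed as stored --------------
function demo_register_vulnerable_setting() {
    // No sanitize_callback: whatever the admin posts is written to the option
    // unchanged, even when unfiltered_html has been removed from the admin role.
    register_setting( 'demo_options', 'demo_custom_markup' );
}

function demo_render_vulnerable_field() {
    // The stored value is echoed without escaping. A saved "</textarea><script>..."
    // payload breaks out of the textarea and runs for every user who opens the screen.
    echo '<textarea name="demo_custom_markup">'
        . get_option( 'demo_custom_markup', '' )
        . '</textarea>';
}

// --- Hardened pattern: sanitize on save, escape on output -------------------
function demo_sanitize_custom_markup( $value ) {
    $value = (string) $value;
    // current_user_can( 'unfiltered_html' ) is false for everyone when
    // DISALLOW_UNFILTERED_HTML is set, and for non-super-admins on multisite.
    // Those users get the same post-safe allow-list core applies to post content,
    // which strips <script>, on* event handlers and javascript: URLs.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}

function demo_register_hardened_setting() {
    register_setting(
        'demo_options',
        'demo_custom_markup',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'demo_sanitize_custom_markup',
            'default'           => '',
        )
    );
}

function demo_render_hardened_field() {
    // Escape on output regardless of what is stored: esc_textarea() encodes
    // < > & " ' so the value cannot terminate the textarea or inject a tag.
    echo '<textarea name="demo_custom_markup">'
        . esc_textarea( get_option( 'demo_custom_markup', '' ) )
        . '</textarea>';
}

// Wire up the hardened variant; swap in the *_vulnerable_* functions to reproduce the flaw.
add_action( 'admin_init', 'demo_register_hardened_setting' );
```

The sanitize_callback runs inside the Settings API when options.php saves the form, so the check happens server-side on every save path that goes through update_option(), not only in the UI. Escaping on output is kept even though the value is filtered on save, because an older unsanitized value may already be in the database.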

How do I know if my site is vulnerable?

If your website runs WordPress with the unfiltered_html capability disabled (a multisite install, or DISALLOW_UNFILTERED_HTML set in wp-config.php) and your installed version of the Autoptimize plugin stores its settings without sanitizing them, your site could be vulnerable. If you have any questions about whether your website is affected, contact Autoptimize for more information.

Timeline

Published on: 09/16/2022 09:15:00 UTC
Last modified on: 09/20/2022 15:42:00 UTC
