The proof-of-concept (POC) code shown below is taken from the Chameleon source code. This XSS vulnerability is due to a lack of input validation on certain parameters. An attacker can inject malicious code into the website and gain access to an administrator account via this XSS. Plugins such as Jetpack, Contact Form 7, and Google Analytics are widely used; if you use any of them on your website, it is recommended that you upgrade them as soon as possible. This post covers a stored XSS vulnerability in the Chameleon plugin.

Chameleon Stored XSS Vulnerability

The issue is a stored XSS vulnerability in the Chameleon plugin, caused by a lack of input validation on certain user-supplied parameters. An attacker can inject malicious code into the website and gain access to an administrator account via this XSS. Some of the impacts of this vulnerability are:
- An attacker can use this vulnerability to gain administrator privileges on an affected website, for themselves or for others
- User data could be stolen
- Account information may also be exposed to attackers if it is not properly secured
- Malicious actors could exploit vulnerabilities on websites that use this plugin

Chameleon Stored XSS Vulnerability

Chameleon is a very popular and widely used WordPress plugin. The plugin has many security vulnerabilities, and this XSS vulnerability is one of them. An attacker can exploit it to inject malicious code into the website and gain access to an administrator account via this XSS.
The affected parameter, as it appears in the POC code excerpt:

    $post = $this->get_post();   // the post being edited
    $requested_id = 0;           // the post_id request parameter, initialised to 0

If an attacker sends a request carrying the following parameters:

    action=edit&post_id=$requested_id

then the vulnerable code path will execute. It is therefore recommended that you upgrade your Chameleon plugin as soon as possible.
Another important point is that the Chameleon plugin supports the Jetpack and Contact Form 7 plugins, so if you use either of them on your website, it is recommended that you upgrade them too.
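As an added illustration (not Chameleon's code and not from the original post), the following hypothetical WordPress edit handler shows the bug class described above: a post_id and a text field taken from an action=edit request without validation, stored, and later echoed without escaping, beside a hardened version of the same handler. All names prefixed my_plugin_ and the my_plugin_note meta key are assumptions made for this example.

```php
<?php
// Hypothetical WordPress plugin edit handler (assumed names, not Chameleon's code)
// showing a stored XSS pattern and its hardened form.

// VULNERABLE: post_id and note are read from the request unchecked, the note is
// stored verbatim, and later echoed unescaped. Any HTML stored in "note" is
// rendered in the browser of every administrator who views the post.
function my_plugin_handle_edit_vulnerable() {
    if ( $_REQUEST['action'] !== 'edit' ) {
        return;
    }
    $requested_id = $_REQUEST['post_id'];                 // no type or permission check
    update_post_meta( $requested_id, 'my_plugin_note', $_REQUEST['note'] ); // no sanitisation
}

function my_plugin_render_note_vulnerable( $post_id ) {
    // Stored value is written straight into the page: stored XSS sink.
    echo '<div class="note">' . get_post_meta( $post_id, 'my_plugin_note', true ) . '</div>';
}

// HARDENED: capability check, CSRF nonce, integer-cast ID, sanitised input on
// the way in, and escaped output on the way out.
function my_plugin_handle_edit_hardened() {
    if ( ! isset( $_REQUEST['action'] ) || 'edit' !== $_REQUEST['action'] ) {
        return;
    }
    $requested_id = absint( $_REQUEST['post_id'] ?? 0 );  // only a positive integer survives
    if ( 0 === $requested_id || ! current_user_can( 'edit_post', $requested_id ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'my_plugin_edit_' . $requested_id ); // rejects requests without a valid nonce
    $note = sanitize_text_field( wp_unslash( $_REQUEST['note'] ?? '' ) ); // strips tags, trims, normalises
    update_post_meta( $requested_id, 'my_plugin_note', $note );
}

function my_plugin_render_note_hardened( $post_id ) {
    $note = get_post_meta( $post_id, 'my_plugin_note', true );
    // Escape at the output sink regardless of what was stored.
    echo '<div class="note">' . esc_html( $note ) . '</div>';
}
```

When auditing a plugin for this class of bug, the pattern to look for is a request parameter that reaches update_post_meta or the database without passing through a sanitize_* function, and a stored value that is echoed without an esc_* call.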

Chameleon – Stored XSS vulnerability

Chameleon is an open-source framework that integrates with WordPress to speed up and simplify web development tasks. One of the many plugins used by Chameleon is Contact Form 7.
In this blog post, I will be discussing a stored cross-site scripting (XSS) vulnerability found in the Chameleon plugin when it is used with Contact Form 7.

Stored XSS in Chameleon plugin

The Chameleon plugin is used by many websites, so it is highly likely that your website is affected by the stored XSS vulnerability in the Chameleon plugin.
The POC code above can be used to demonstrate a stored XSS attack against the website.

A demonstration of how this vulnerability can be exploited:

Timeline

Published on: 11/17/2022 23:15:00 UTC
Last modified on: 11/18/2022 19:29:00 UTC
