Hey folks! I hope you all are doing well. Today, I'll disclose a critical security vulnerability in one of the popular WordPress plugins, the Pixelgrade Comments Ratings plugin. The affected versions, 1.1.7 and earlier, contain a Stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject malicious scripts into the authenticated (admin or higher) area of a WordPress site.

For those who are unfamiliar, the Pixelgrade Comments Ratings plugin is responsible for allowing users to rate content creators’ blog posts using stars, hearts, or other emojis.

Original References

This vulnerability was initially reported by Security Researcher John Doe (pseudonym) on DATE. For more information, you can check out their original advisory here: LINK_TO_ORIGINAL_ADVISORY.

The vulnerability has been assigned CVE number CVE-2023-23702.

Exploit Details

The Stored XSS vulnerability exists because the "rating_type" parameter is not properly sanitized when an administrator saves the plugin settings in the back end. By crafting a specially encoded payload, an attacker can bypass the built-in protection and execute arbitrary JavaScript on the target website.

Here is an example payload that demonstrates how the XSS payload can be delivered:

<script>alert('XSS')</script>

For demonstration purposes, let's say that an attacker wants to target the admin area of a WordPress site running the vulnerable version of the Pixelgrade Comments Ratings plugin. The attacker can create a specially crafted URL, like the following:

https://target_website.com/wp-admin/admin.php?page=plugin-settings&tab=general&settings-updated=true&rating_type=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E

When the admin user visits the URL, the XSS payload executes and an alert with the message "XSS" pops up on the admin's screen. The attacker can then use this as a starting point to gain further access to sensitive parts of the website or to perform additional attacks.
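The root cause above is a settings value that is stored without an allow-list and later written into admin HTML unescaped. As an added example (not the plugin's own code and not from the original advisory), here is the defensive pattern a fixed version needs: sanitize on save through the Settings API and escape on output. The option, group and function names are hypothetical, and the allowed values are assumed from the rating styles the plugin is described as offering.

```php
<?php
// Added example (not the plugin's own code): sanitize the "rating_type" setting on save
// and escape it on output. Option/setting names ("pxg_ratings_options", etc.) are hypothetical.

// Only these values are meaningful for the setting; anything else is rejected.
const PXG_ALLOWED_RATING_TYPES = array( 'stars', 'hearts', 'emoji' );

function pxg_sanitize_options( $input ) {
    $clean = array();
    $type  = isset( $input['rating_type'] ) ? sanitize_key( (string) $input['rating_type'] ) : '';
    // Allow-list: an unknown or tampered value falls back to the default instead of being stored.
    $clean['rating_type'] = in_array( $type, PXG_ALLOWED_RATING_TYPES, true ) ? $type : 'stars';
    return $clean;
}

function pxg_register_settings() {
    // register_setting() runs the sanitize_callback on every save, and options.php
    // enforces the capability check and nonce for the settings form.
    register_setting(
        'pxg_ratings_group',
        'pxg_ratings_options',
        array(
            'type'              => 'array',
            'sanitize_callback' => 'pxg_sanitize_options',
            'default'           => array( 'rating_type' => 'stars' ),
        )
    );
}
add_action( 'admin_init', 'pxg_register_settings' );

// Rendering the setting: read from the stored option, never from $_GET, and escape
// every value written into HTML even though it was allow-listed on save, so the
// defence does not depend on a single layer.
function pxg_render_rating_type_field() {
    $options = get_option( 'pxg_ratings_options', array( 'rating_type' => 'stars' ) );
    $current = isset( $options['rating_type'] ) ? $options['rating_type'] : 'stars';
    echo '<select name="pxg_ratings_options[rating_type]">';
    foreach ( PXG_ALLOWED_RATING_TYPES as $type ) {
        printf(
            '<option value="%s"%s>%s</option>',
            esc_attr( $type ),
            selected( $current, $type, false ),
            esc_html( ucfirst( $type ) )
        );
    }
    echo '</select>';
}
```

With this pattern the encoded `<script>` value from the example URL is never stored (it fails the allow-list) and, even if an old value were already in the database, it would be rendered as inert text rather than markup.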

Mitigation Steps

To protect your WordPress site against this vulnerability, I strongly recommend that you take the following steps:

1. Update the Pixelgrade Comments Ratings plugin to the latest version (1.1.8 or higher) as soon as possible.

2. Regularly update all other WordPress plugins, themes, and the core installation.

3. Install a security plugin, such as Wordfence or Sucuri, to add an additional layer of protection to your WordPress website.

Conclusion

In summary, CVE-2023-23702 allows an attacker to exploit a stored XSS flaw in the Pixelgrade Comments Ratings plugin, putting any WordPress site running a vulnerable version at risk.

By being vigilant and keeping software up to date, we can protect our websites from potential harm. Remember, cybersecurity is an ongoing process, and it is crucial to stay informed and proactive in safeguarding our online presence.

Timeline

Published on: 11/06/2023 10:15:00 UTC
Last modified on: 11/14/2023 15:27:00 UTC