Security researchers have discovered a Stored Cross-Site Scripting (XSS) vulnerability in the FareHarbor plugin for WordPress. The affected versions of the plugin are up to, and including, 3.6.7. This vulnerability, identified as CVE-2023-5252, is caused by insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with contributor-level and above permissions can exploit this vulnerability to inject arbitrary web scripts in pages. These injected scripts will execute whenever a user accesses an injected page, potentially leading to unauthorized access, session hijacking or data theft.

Original References

- CVE-2023-5252 Description on CVE List
- FareHarbor WordPress Plugin Official Page

Exploit Details

The vulnerability exists in the FareHarbor plugin's handling of shortcodes, which are used to enable advanced features and functionality in WordPress. When a user with contributor-level or above permissions creates or modifies a page or post, they can insert shortcodes with user-supplied attributes.

In the FareHarbor plugin, the affected shortcode is as follows:

[fareharbor type="..."]

The attacker can craft a malicious shortcode by injecting arbitrary web scripts like the following example:

[fareharbor type="<script>alert('XSS')</script>"]

When a user accesses the page containing the injected shortcode, the malicious script will execute due to insufficient input sanitization and output escaping on user-supplied attributes.

Affected Versions

FareHarbor plugin versions up to, and including, 3.6.7 are vulnerable to this Stored XSS exploit.

Impact

This Stored XSS vulnerability can have a severe impact, as it may lead to unauthorized access to sensitive user data, session hijacking or data theft. Malicious actors can extract personal information, manipulate data, and even take over administrative control of affected WordPress installations.

Recommendations

It is strongly recommended that users of the FareHarbor plugin upgrade to the latest version, which addresses the Stored XSS vulnerability. Furthermore, WordPress administrators should ensure that their users have only the minimum necessary permissions, since exploitation requires a contributor-level or higher account.
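
To check whether existing posts already carry a crafted shortcode of the kind shown under Exploit Details, the following added example (not code from the plugin or its vendor) audits post content for fareharbor shortcode attributes that contain markup characters. The sample rows are constructed, and the flagging policy and the simplified shortcode grammar are assumptions of this example.

```python
import html
import re

# Matches [fareharbor ...] up to the first closing bracket.
# Simplified on purpose; this is not WordPress's full shortcode grammar.
SHORTCODE_RE = re.compile(r"\[fareharbor\b([^\]]*)\]", re.IGNORECASE)
# Attribute forms: name="value", name='value' or name=value
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+))""")
# Assumed policy: a legitimate attribute value never needs markup characters.
# An apostrophe in ordinary text will also be flagged; treat hits as review items.
MARKUP_RE = re.compile(r"""[<>"'`]""")


def parse_attrs(raw):
    """Return {name: value} for the attribute string of one shortcode."""
    attrs = {}
    for name, dq, sq, bare in ATTR_RE.findall(raw):
        attrs[name.lower()] = dq or sq or bare
    return attrs


def audit_post(post_id, content):
    """Return (post_id, attribute, value) for every attribute failing the policy."""
    findings = []
    for match in SHORTCODE_RE.finditer(content):
        for name, value in parse_attrs(match.group(1)).items():
            # Decode entities first so &lt;...&gt; is judged like <...>.
            if MARKUP_RE.search(html.unescape(value)):
                findings.append((post_id, name, value))
    return findings


def audit_all(posts):
    """Audit an iterable of (post_id, post_content) rows."""
    return [f for post_id, content in posts for f in audit_post(post_id, content)]


# Constructed sample rows (post ID, post_content), as exported from the posts table.
SAMPLE_POSTS = [
    (101, 'Book here: [fareharbor type="small"]'),
    (102, """[fareharbor type="<script>alert('XSS')</script>"]"""),
    (103, "[fareharbor type=&lt;img&gt;]"),
]

if __name__ == "__main__":
    for post_id, name, value in audit_all(SAMPLE_POSTS):
        print(f"post {post_id}: suspicious {name}={value!r}")
```

Each finding identifies a post to review along with its author and revision history, since any contributor-level account could have stored the shortcode.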

Conclusion

CVE-2023-5252 is a critical Stored XSS vulnerability affecting the FareHarbor WordPress plugin. Administrators should ensure that their installations are protected by upgrading the plugin to the latest version and checking user permissions. By taking these steps, website owners can mitigate the risk of unauthorized access, data theft, and other potential consequences of a successful exploit.

Remember to always keep your plugins up to date and follow security best practices to prevent your WordPress website from being compromised.

Timeline

Published on: 10/30/2023 14:15:09 UTC
Last modified on: 11/08/2023 02:12:53 UTC