To prevent attacks on websites, it is essential to be aware of the vulnerabilities associated with the Content Management System (CMS) that we use. Among all the available Content Management System software, WordPress is the easiest and most popular blogging and website CMS available today, as it has features like plugin and template systems. It is an open source CMS based on PHP and MySQL.
Recently, it has been reported that current versions of WordPress are vulnerable to a stored XSS. Cross-site scripting (XSS) is a type of attack in which malicious scripts are injected into web pages. This security vulnerability typically accounts for 87% of all security vulnerabilities, and the malicious content can be delivered in a number of ways.
In reflected cross-site scripting (XSS), the attacker can trick you into clicking a malicious link. The attacker injects browser-executable code within a single HTTP response, which means that the injected attack is not stored within the application itself. Reflected XSS is also sometimes referred to as non-persistent XSS.
In stored cross-site scripting (XSS), malicious content is stored permanently on the target server, for example in a database, comment field or message forum. The malicious script is then retrieved when the stored information is requested from the server. Stored XSS is also referred to as persistent XSS.
How to test if a site is vulnerable to XSS?
Testing a website for XSS vulnerability is quite easy. We can test it by modifying a parameter that is sent in the HTTP GET request. For example, first use the following example in the browser to print a welcome page for a person named John:
This URL is modified to add an extra parameter as shown below:
http://domain.com/index.html?name=<script>alert('You just found a XSS vulnerability')</script>
If the application does not validate the name parameter and the returned page displays 'You just found an XSS vulnerability', then the site is vulnerable to XSS. There are various methods to test for XSS vulnerability, and this is only one of the few known methods.
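The test above, seen from the server side, as an added example that is not part of the original page: a PHP handler that reflects the name parameter unchanged, next to one that validates it and encodes it for HTML. The function names are hypothetical and the input is constructed; inside WordPress code, esc_html() plays the role that htmlspecialchars() plays here.

```php
<?php
// Added example, not code from the original page. Function names are hypothetical.

// Vulnerable: the "name" query parameter is reflected into the HTML unchanged.
function render_welcome_vulnerable(array $query): string
{
    $name = $query['name'] ?? 'guest';
    return "<h1>Welcome, " . $name . "</h1>";
}

// Hardened: check the expected shape, then encode for the HTML context.
function render_welcome_safe(array $query): string
{
    $name = $query['name'] ?? 'guest';
    // Reject array values (?name[]=x) and overly long input.
    if (!is_string($name) || strlen($name) > 100) {
        $name = 'guest';
    }
    // Encode <, >, &, " and ' so the browser treats the value as text.
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h1>Welcome, " . $encoded . "</h1>";
}

// True when the probe string comes back in the response without encoding.
function is_reflected_unencoded(string $html, string $probe): bool
{
    return strpos($html, $probe) !== false;
}

// Constructed sample input: the "name" value from the test URL, already parsed.
$probe = "<script>alert('You just found a XSS vulnerability')</script>";
$query = ['name' => $probe];

foreach (['render_welcome_vulnerable', 'render_welcome_safe'] as $render) {
    $html = $render($query);
    printf(
        "%-28s reflected unencoded: %s\n",
        $render,
        is_reflected_unencoded($html, $probe) ? 'yes' : 'no'
    );
    echo "  ", $html, "\n";
}
```

The same reflected-unencoded check works as a regression test: run it against every template that prints request data and fail the build when it reports yes.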
Reference Link: http://klikki.fi/adv/wordpress2.html
Vulnerable versions are: WordPress 4.2, 4.1.2, 4.1.1, 3.9.3.
Patch for the vulnerability is available in WordPress 4.2.1.
WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly recommend updating to this version.