In order to prevent attacks on the websites, it is essential that we need to be aware of the vulnerabilities associated with Content Management System (CMS) that we use. Among all the available Content Management System software, WordPress is the most easiest and popular blogging & website CMS available today, as it has features like plugin and template systems. It is an Open Source CMS based on PHP and Mysql.

Recently, it has been reported that current versions of WordPress are vulnerable to a stored XSS. Cross-site Scripting or XSS is a type of attack using malicious scripts that are injected in to web pages. This security vulnerability accounts for typically 87% of all security vulnerabilities and the malicious contents can be delivered in a number of ways.

In reflected cross-site scripting (XSS), the attacker can trick you into clicking a malicious link. The attacker injects browser executable code within a single HTTP response. It means that the injected attack is not stored within the application itself. Reflected XSS is also sometimes referred to as Non-Persistent.

In stored Cross-site Scripting (XSS) malicious contents are stored permanently on the target servers such as database, comment field, message forum etc. So the malicious script is retrieved when the stored information is requested from the server. Stored XSS is also referred to as Persistent XSS.

How to test if a site is Vulnerable to XSS?

Testing the XSS vulnerability of a website is quite easy. We can test it by modifying a current parameter that is sent in the HTTP GET request. For example, first use the following example in the browser to print a welcome page for a person John:

http://domain.com/index.html?name=john

This URL is modified to add an extra parameter as shown below:

http://domain.com/index.html?name=<script>alert (‘You just found a XSS vulnerability’)</script>

If the parameter name is not even validating and returning the page as ‘You just found an XSS vulnerability’, then the site is vulnerable to XSS. There are various methods to test XSS vulnerability and this is only one among the few known methods.

WordPress Vulnerability

Vulnerability to a stored XSS was recently announced in WordPress. Due to this vulnerability, any unauthorised attacker can inject JavaScript in WordPress comments. When triggered by a logged in admin, the attacker can execute any arbitrary code on the server via the plugin and theme editors under default settings. The comment inserted has to be longer than 64 kilobytes. The comment text will be truncated when inserted in the database. The exploits need to get around comment moderation, that is, by posting one harmless comment first before injecting the Javascript. The attacker can change the administrator’s password, create new administrator accounts, or can have the entire administrator access on the target system.

Reference Link: http://klikki.fi/adv/wordpress2.html

Vulnerable versions are: WordPress 4.2, 4.1.2, 4.1.1, 3.9.3.

Patch for the vulnerability is available in WordPress 4.2.1.

WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly recommend updating to this version.