WordPress Plugin Vulnerability Report – WPLegalPages – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4968

Plugin Name: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WPLegalPages

Key Information:

  • Software Type: Plugin
  • Software Slug: wplegalpages
  • Software Status: Active
  • Software Author: wpeka-club
  • Software Downloads: 585,699
  • Active Installs: 20,000
  • Last Updated: October 10, 2023
  • Patched Versions: 2.9.3
  • Affected Versions: <=2.9.2

Vulnerability Details:

  • Name: WPLegalPages <= 2.9.2 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode
  • Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CVE: CVE-2023-4968
  • CVSS Score: 5.5 (Medium)
  • Publicly Published: October 10, 2023
  • Researcher: Lana Codes
  • Description: The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Summary:

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WPLegalPages for WordPress has a vulnerability in versions up to and including 2.9.2 that allows attackers with author-level and above permissions to inject arbitrary web scripts into pages. This vulnerability has been patched in version 2.9.3.


Detailed Overview:

The vulnerability was discovered by researcher Lana Codes and pertains to the 'wplegalpage' shortcode used by the WPLegalPages plugin. Due to a lack of proper input sanitization and output escaping on user-supplied attributes, attackers who have access as an author or higher can exploit this flaw. When exploited, the vulnerability allows for the injection of arbitrary web scripts which would then be executed whenever a user accesses an injected page, posing potential risks such as data theft, malware injection, or site defacement.


Advice for Users:

  • Immediate Action: All users are strongly encouraged to update to the patched version 2.9.3 immediately to secure their WordPress installations.
  • Check for Signs of Vulnerability: Regularly monitor your website's source code for any unexpected or malicious scripts. Additionally, consider using security plugins that can detect and notify about potential compromises.
  • Alternate Plugins: While a patch is available, users might still consider other plugins that offer similar functionality as a precaution.
  • Stay Updated: Always ensure that your plugins are updated to the latest versions to avoid vulnerabilities.

Conclusion:

The prompt response from the plugin developers to patch this vulnerability underscores the importance of timely updates. Users are advised to ensure that they are running version 2.9.3 or later to secure their WordPress installations.


Detailed Report:

A serious vulnerability has been discovered in the popular WordPress plugin WPLegalPages that could put thousands of websites at risk of compromise. This plugin is used by over 20,000 active sites to easily generate privacy policies, terms pages, and other legal pages.

In versions up to and including 2.9.2, WPLegalPages contains a stored cross-site scripting (XSS) vulnerability tracked as CVE-2023-4968. This allows attackers with author-level access or higher to inject malicious JavaScript into vulnerable pages that will execute when visited by users.

WPLegalPages is a plugin created by wpeka-club and has over 585,000 total downloads. The vulnerable versions contain a flaw in the 'wplegalpage' shortcode due to insufficient sanitization of user-supplied input. Attackers can exploit this to inject arbitrary scripts that will be stored and served to visitors.

This is considered a medium severity vulnerability with a CVSS base score of 5.5 out of 10. Potential impacts include data theft, credential stealing, malware injection, and site defacement.

The good news is the developers have patched the issue in version 2.9.3. All users of WPLegalPages should update immediately to protect their sites. Be sure to check your installed version by going to Plugins > Installed Plugins.

You should also monitor your site's code for any unexpected scripts that could signal exploitation. WordPress security plugins can automatically check for and notify you of potential compromises. As a precaution, consider alternatives to WPLegalPages as well.
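One way to carry out the monitoring step described above and under "Check for Signs of Vulnerability", as an added example (not code from the plugin or from the original report): it scans exported post content for `wplegalpage` shortcodes whose attribute values contain markup, and checks a version string against the affected range. It assumes posts are available as (ID, post_content) pairs; the attribute names and values in the sample data are constructed placeholders, not the plugin's real attributes.

```python
import re

# Opening [wplegalpage ...] tag; group 1 is the raw attribute string.
SHORTCODE_RE = re.compile(r"\[wplegalpage\b([^\]]*)\]", re.IGNORECASE)
# name="value", name='value' or name=bare
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")
# Characters and patterns that should not appear inside a shortcode attribute value.
SUSPICIOUS_RE = re.compile(
    r"""[<>"'`]|&#|&(?:quot|lt|gt|apos);|javascript:|\bon\w+\s*=""", re.IGNORECASE
)


def is_affected(version):
    """True for versions <= 2.9.2, the affected range stated in the advisory."""
    return tuple(int(part) for part in version.split(".")) <= (2, 9, 2)


def scan_posts(posts):
    """Return (post_id, attr_name, value) for each attribute worth manual review."""
    findings = []
    for post_id, content in posts:
        for tag in SHORTCODE_RE.finditer(content):
            for attr in ATTR_RE.finditer(tag.group(1)):
                # Exactly one of the three value groups matched.
                value = next(g for g in attr.groups()[1:] if g is not None)
                if SUSPICIOUS_RE.search(value):
                    findings.append((post_id, attr.group(1), value))
    return findings


# Constructed sample data: attribute names and values are placeholders.
SAMPLE_POSTS = [
    (101, "Our terms: [wplegalpage example_id=12]"),
    (102, "[wplegalpage example_attr='x\"><u>constructed-marker</u>']"),
    (103, "No shortcode here, just <b>markup</b> in the body."),
]

if __name__ == "__main__":
    for post_id, name, value in scan_posts(SAMPLE_POSTS):
        print(f"post {post_id}: attribute {name!r} has suspicious value {value!r}")
    print("2.9.2 affected:", is_affected("2.9.2"))
```

Hits are a triage list for manual review: any post flagged here should be checked against its author and revision history, and a clean result does not replace updating to 2.9.3.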

This is the third vulnerability found in WPLegalPages since August 2015, highlighting the risks of plugins for WordPress sites. The plugin ecosystem requires constant vigilance and timely patching.

For small business owners on WordPress, this incident underscores the importance of keeping plugins updated, limiting plugins to those absolutely needed, and taking proactive security measures. With the right awareness and precautions, you can avoid leaving your website and customers exposed.

Don't tackle WordPress security alone - the consequences of a breach are too great. At Your WP Guy, our managed WordPress maintenance services include layers of protection like auto-updates, malware scanning, firewalls and 24/7 monitoring by WordPress experts. We become your outsourced IT team.

Let's chat about migrating your site to our managed hosting so you can finally stop worrying about security issues. We'll fully audit and lock down your site as part of onboarding. Call us at 678-995-5169 to keep your business safe online.
