{"id":1941,"date":"2020-05-08T12:00:49","date_gmt":"2020-05-08T12:00:49","guid":{"rendered":"https:\/\/cwatch.comodo.com\/blog\/?p=1941"},"modified":"2022-11-29T11:11:25","modified_gmt":"2022-11-29T11:11:25","slug":"vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5","status":"publish","type":"post","link":"https:\/\/cwatch.comodo.com\/blog\/website-security\/vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5\/","title":{"rendered":"Vulnerability Found in Multiple Stored XSS Form in WordPress Version 1.2.5"},"content":{"rendered":"

On July 28, 2018, analysts in Comodo’s cWatch Web Security team discovered a vulnerability in version 1.2.5 of the WordPress ‘Multiple Stored XSS Form’, which may be used to steal user’s personal data. This issue was caused due to improper sanitization, so the values were stored without proper validation or escaping.<\/p>\n

While risks are common to any XSS, this vulnerability has stored XSS, most dangerous for users of Mondula Multi Step Form Plugin up to 1.2.5 on CDN for WordPress<\/a>. Users concerned they have been exposed to this vulnerability should upgrade to the latest version of plugin.<\/p>\n

More here:
https:\/\/www.owasp.org\/index.php\/Testing_for_Stored_Cross_site_scripting_(OTG-INPVAL-002)<\/p>\n

Multi Step Form plugin has a drag and drop functionality enabled and a form builder<\/a> that allow for quick and intuitive creation of nice-looking multi step forms. Forms can be embedded on any page or post with short codes. A remote<\/a> attacker can exploit this issue by execute JavaScript code through Reflected XSS attacks.<\/p>\n

Classification<\/h3>\n

Type:<\/strong> Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)<\/p>\n

CWE:<\/strong> CWE-79<\/p>\n

Proof of Concept<\/p>\n

There are multiple stored and reflected XSS vulnerabilities in file class-mondula-multistep-forms-admin.php in fw_wizard_save action. The reason for this involves unsanitized user input from the following parameters:<\/p>\n

\"Data<\/p>\n

Exploiting this vulnerability requires authentication.<\/p>\n

Example:<\/h3>\n

Locate Multi step form<\/a> and enter payload and Save. The values are passed via Ajax \u00e2\u2020\u2019 http:\/\/localhost\/word496\/wp-admin\/admin-ajax.php<\/p>\n

\"Vulnerability\"<\/p>\n

Code Difference<\/h3>\n

https:\/\/plugins.trac.wordpress.org\/changeset?sfp_email=&sfph_mail=&reponame=&new=1919415%40multi-step-form&old=1917502%40multi-step-form&sfp_email=&sfph_mail=<\/p>\n

https:\/\/github.com\/mlooft\/multi-step-form\/commit\/8a89f6deb888abb0ae679841ee96ee8332e5b5bc#diff-13d0709dedfe5ef22b22558c25b54ccf<\/a><\/p>\n

In this case, sanitized values are missing, so the values were stored without proper validation or escaping. Sanitize affected vectors to avoid XSS. Corrected code shown below:<\/p>\n

\"XSS\"<\/p>\n

How to protect yourself (before patching):<\/h3>\n

Comodo Web Application Firewall (CWAF)<\/a><\/b> provides powerful, real-time protection for web applications and websites running on Apache, LiteSpeed and Nginx on Linux. CWAF supports ModSecurity rules, providing advanced filtering, security and intrusion protection.<\/p>\n

Why you need it:<\/h3>\n