WordPress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS)

Technical Description:
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including, 2.88.0. This is because none of the fields in the “Naming Conventions” section sanitize user input on save or escape it on output. This makes it possible for authenticated attackers with administrative privileges to inject JavaScript code into the setting that will execute whenever a user accesses the page where the injected value is rendered.

Source: https://www.exploit-db.com/exploits/51020
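The two missing layers named in the description above (sanitize on input, escape on output), shown as an added WordPress-style example that is not WP-UserOnline's code; the option name, settings group, nonce action and `demo_` functions are hypothetical:

```php
<?php
// Added example, not the plugin's own code. Option/field names are hypothetical.

// --- Vulnerable pattern (what the advisory describes) ----------------------
function demo_save_naming_vulnerable() {
    // Raw POST data written straight to wp_options, no sanitization.
    update_option( 'demo_naming_user', wp_unslash( $_POST['demo_naming_user'] ) );
}

function demo_render_naming_vulnerable() {
    // Stored value echoed into HTML unescaped: markup saved by an admin above
    // is rendered for every visitor of the page that shows this text.
    echo '<p>' . get_option( 'demo_naming_user' ) . '</p>';
}

// --- Hardened pattern -------------------------------------------------------
function demo_register_naming_setting() {
    register_setting(
        'demo_naming_group',
        'demo_naming_user',
        array(
            'type'              => 'string',
            // Runs on every update_option() for this option, stripping tags
            // and control characters before the value reaches the database.
            'sanitize_callback' => 'sanitize_text_field',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'demo_register_naming_setting' );

function demo_save_naming_hardened() {
    // Capability check plus nonce: only an intended admin action may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'demo_naming_save' );
    // Sanitize explicitly as well; the callback above is a second safety net.
    $value = sanitize_text_field( wp_unslash( $_POST['demo_naming_user'] ?? '' ) );
    update_option( 'demo_naming_user', $value );
}

function demo_render_naming_hardened() {
    // Escape on output regardless of what is stored. Input and output
    // protection are independent, so a gap in one does not become script
    // execution in the browser.
    echo '<p>' . esc_html( get_option( 'demo_naming_user' ) ) . '</p>';
}
```

If a field is meant to allow limited markup, `wp_kses_post()` (or `wp_kses()` with an explicit allow-list) replaces `sanitize_text_field()`/`esc_html()` while still removing script-bearing tags and attributes.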

weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin

On July 9, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in weDevs’s WP Project Manager plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an authenticated attacker to grant themselves administrative privileges by updating user metadata.

All Wordfence users received protection on August 12, 2023.

Wordfence contacted weDevs on July 11, 2023, and received a response on July 16, 2023. After providing full disclosure details, the developer released a patch on July 24, 2023. We would like to commend the weDevs development team for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of WP Project Manager, which is version 2.6.5 at the time of this writing, as soon as possible.

Source and more details: https://www.wordfence.com/blog/2023/08/wedevs-addresses-privilege-escalation-vulnerability-in-wp-project-manager-wordpress-plugin/

WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce WordPress Plugin

On June 8, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in WebToffee’s Stripe Payment Plugin for WooCommerce plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an attacker to gain access to the accounts of users who have orders. These users are typically customers but can include other high-level users when the right conditions are met.

All Wordfence users received a firewall rule to protect against any exploits targeting this vulnerability by July 19, 2023.

Wordfence contacted WebToffee on June 8, 2023, and received a response the next day. After providing full disclosure details, the developer released a patch on June 13, 2023. We would like to commend the WebToffee development team for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of Stripe Payment Plugin for WooCommerce, version 3.7.8 at the time of this writing, as soon as possible.

Source and more details: https://www.wordfence.com/blog/2023/08/webtoffee-addresses-authentication-bypass-vulnerability-in-stripe-payment-plugin-for-woocommerce-wordpress-plugin/

Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable

Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data.

The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites.

A brief description of each vulnerability follows:

  • CVE-2023-37979 (CVSS score: 7.1) – A POST-based reflected cross-site scripting (XSS) flaw that could allow any unauthenticated user to achieve privilege escalation on a target WordPress site by tricking privileged users into visiting a specially crafted website.
  • CVE-2023-38386 and CVE-2023-38393 – Broken access control flaws in the form submissions export feature that could enable a bad actor with Subscriber and Contributor roles to export all Ninja Forms submissions on a WordPress site.

Users of the plugin are recommended to update to version 3.6.26 to mitigate potential threats.

Source: https://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html