
Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-5070 CVSS:6.5

Social Media Share Buttons & Social Sharing Icons plugin for WordPress could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the sfsi_save_export function. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-5071 CVSS:6.4

Sitekit plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the sitekit_iframe shortcode. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5086 CVSS:6.4

Copy Anything to Clipboard plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the copy shortcode. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5120 CVSS:5.5

WPvivid Backup & Migration plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin settings. A remote authenticated attacker could exploit this vulnerability using the image file path parameter to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5109 CVSS:6.4

WP Mailto Links plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the wpml_mailto shortcode. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5121 CVSS:5.5

WPvivid Backup & Migration plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin settings. A remote authenticated attacker could exploit this vulnerability using the backup path parameter to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5200 CVSS:6.4

FlowPaper plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the flipbook shortcode. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5231 CVSS:6.4

Magic Action Box plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the shortcode. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5292 CVSS:6.4

Advanced Custom Fields: Extended plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the acfe_form shortcode. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5308 CVSS:6.4

Podcast Subscribe Buttons plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the podcast_subscribe shortcode. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5337 CVSS:6.4

Contact Form For All plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the formforall shortcode. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
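
The shortcode cross-site scripting entries above describe user-supplied input reaching the rendered page without validation. The following added example (not code from any plugin named in this advisory) assumes the unvalidated input is a shortcode attribute and shows the unsafe pattern beside a hardened handler; the shortcode tag, attribute names and function names are hypothetical.

```php
<?php
/**
 * Added example, not code from any plugin named in this advisory.
 * The shortcode tag, attribute names and function names are hypothetical.
 */

// Unsafe pattern: attribute values are copied into markup as-is, so any
// user allowed to write posts controls raw HTML inside the rendered page.
function demo_embed_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'src' => '', 'width' => '600', 'title' => '' ),
        $atts
    );
    return '<iframe src="' . $atts['src'] . '" width="' . $atts['width']
        . '" title="' . $atts['title'] . '"></iframe>';
}

// Hardened pattern: validate each attribute for its type, then escape it for
// the exact output context (URL, integer, HTML attribute).
function demo_embed_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'src' => '', 'width' => '600', 'title' => '' ),
        $atts,
        'demo_embed'
    );

    // esc_url() rejects schemes outside the allow-list and returns an empty
    // string when the value is not an acceptable URL.
    $src = esc_url( $atts['src'], array( 'http', 'https' ) );
    if ( '' === $src ) {
        return '';
    }

    // Width must be a sane positive integer; fall back to the default.
    $width = absint( $atts['width'] );
    if ( $width < 1 || $width > 2000 ) {
        $width = 600;
    }

    return sprintf(
        '<iframe src="%s" width="%d" title="%s"></iframe>',
        $src,
        $width,
        esc_attr( $atts['title'] )
    );
}
// Only the hardened handler is registered.
add_shortcode( 'demo_embed', 'demo_embed_safe' );
```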

CVE-2023-5414 CVSS:4.9

Icegram Express plugin for WordPress could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests by the show_es_logs function. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
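
The directory traversal described for the log viewer is prevented by resolving the requested name to a canonical path and confirming it stays inside the log directory. This is an added example, not the plugin's code; the function name, the `.log` naming policy and the directory are assumptions.

```php
<?php
// Added example, not the plugin's code. Function name, file-name policy and
// directory layout are hypothetical.

/**
 * Resolve a user-supplied log file name to a path inside $log_dir.
 * Returns the canonical path, or null when the request must be refused.
 */
function demo_resolve_log_file( string $requested, string $log_dir ): ?string {
    $base = realpath( $log_dir );
    if ( false === $base || ! is_dir( $base ) ) {
        return null;
    }

    // Accept only a plain *.log file name: no separators, no NUL bytes.
    if ( ! preg_match( '/\A[A-Za-z0-9._-]+\.log\z/', $requested ) ) {
        return null;
    }

    // realpath() collapses "..", "." and symlinks; a missing file gives false.
    $path = realpath( $base . DIRECTORY_SEPARATOR . $requested );
    if ( false === $path || ! is_file( $path ) ) {
        return null;
    }

    // Containment check on the canonical path. The separator is appended so
    // a sibling such as ".../logs-old" does not pass as a prefix of
    // ".../logs", and a symlink pointing outside the directory is refused.
    $prefix = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    if ( 0 !== strncmp( $path, $prefix, strlen( $prefix ) ) ) {
        return null;
    }
    return $path;
}

// Constructed demonstration in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo-logs-' . getmypid();
mkdir( $dir );
file_put_contents( $dir . DIRECTORY_SEPARATOR . 'mail.log', "constructed line\n" );

// A name inside the directory resolves; names containing "dot dot"
// sequences or path separators are refused.
var_dump( demo_resolve_log_file( 'mail.log', $dir ) );
var_dump( demo_resolve_log_file( '../../wp-config.php', $dir ) );
var_dump( demo_resolve_log_file( 'mail.log/../../secret.log', $dir ) );
```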

Impact

  • Cross-Site Scripting
  • Information Theft

Indicators Of Compromise

CVE

  • CVE-2023-5070
  • CVE-2023-5071
  • CVE-2023-5086
  • CVE-2023-5120
  • CVE-2023-5109
  • CVE-2023-5121
  • CVE-2023-5200
  • CVE-2023-5231
  • CVE-2023-5292
  • CVE-2023-5308
  • CVE-2023-5337
  • CVE-2023-5414

Affected Vendors

WordPress

Affected Products

  • UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin for WordPress 2.8.5
  • webvitaly Sitekit plugin for WordPress 1.4
  • Mahesh M. Waghmare Copy Anything to Clipboard plugin for WordPress 2.6.4
  • WPvivid Team WPvivid Backup & Migration plugin for WordPress 0.9.89
  • Ironikus WP Mailto Links plugin for WordPress 3.1.3
  • Devaldi Ltd flowpaper plugin for WordPress 2.0.3
  • LLC Magic Action Box plugin for WordPress 2.17.2
  • ACF Extended Advanced Custom Fields: Extended plugin for WordPress 0.8.9.3
  • SecondLine Themes Podcast Subscribe Buttons plugin for WordPress 1.4.8
  • FormForAll Contact form Form For All plugin for WordPress 1.2
  • Icegram Express plugin for WordPress 5.6.23

Remediation

Refer to WordPress Plugin Directory for patch, upgrade or suggested workaround information.
