WordPress Plugin Slimstat Version <= 4.8 Vulnerable to XSS
Current Status of the Risk in Slimstat WordPress Plugin
Below are the technical details of the XSS found in Slimstat.
Slimstat WordPress Plugin Vulnerability Details
An access log gives a site owner details of the requests made to the website; it generally records specifics such as the visitor's IP address, server details, hosting details, and so on.
In Slimstat, a malicious user could inject arbitrary code into the plugin's access log. That code is executed once an admin logs in and the log is rendered.
Most importantly, this plugin has only one sanitization method, strip_tags, which only removes HTML tags from the inserted plugin value and leaves quotes untouched. This check can easily be bypassed by using a single quote to close the attribute and then adding an event handler.
Here is how the image is generated for the plugins, where $a_plugin is the plugin:
As a result, an error occurs (shown in the picture) with the value plugin'onerror'. Since the request could not be executed, the value is stored in the log as-is, which is a potential stored XSS vulnerability.
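To make the sanitization gap concrete, here is an added example (not code from Slimstat or from the original post) that renders a plugin value once with strip_tags() alone and once with attribute-context escaping, then parses the result the way a browser would to show which attributes the img element actually ends up with. The img markup, the $a_plugin parameter and the sample values are assumptions; Slimstat's real template is the one in the screenshot above.

```php
<?php
// Added example for this write-up; it is not Slimstat's code. The <img> template,
// the $a_plugin name and the sample values are assumptions based on the text above.

// Constructed sample plugin values as they might land in the access log.
$benign  = "akismet";
$hostile = "plugin' onerror='x";   // single quote followed by an event-handler name

// Weak: strip_tags() removes <...> tags but leaves quotes untouched, so a quote
// inside the value can close the src='...' attribute early.
function render_weak(string $a_plugin): string {
    return "<img src='/plugins/" . strip_tags($a_plugin) . ".png'>";
}

// Hardened: escape for the HTML attribute context. ENT_QUOTES encodes both ' and ",
// so the value can never terminate the attribute it sits in.
// Inside WordPress, esc_attr() is the equivalent helper.
function render_hardened(string $a_plugin): string {
    return "<img src='/plugins/" . htmlspecialchars($a_plugin, ENT_QUOTES, 'UTF-8') . ".png'>";
}

// Defender-side check: parse the markup and list the attributes the <img>
// element actually carries. Anything beyond 'src' means the value broke out
// of the attribute it was meant to stay inside.
function attribute_names(string $html): array {
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $img = $doc->getElementsByTagName('img')->item(0);
    $names = [];
    foreach ($img->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

foreach ([$benign, $hostile] as $value) {
    echo "value: $value\n";
    $variants = [
        'strip_tags only'   => render_weak($value),
        'ENT_QUOTES escape' => render_hardened($value),
    ];
    foreach ($variants as $label => $markup) {
        printf("  %-18s %s\n", $label . ':', $markup);
        printf("  %-18s attributes = %s\n", '', implode(', ', attribute_names($markup)));
    }
}
```

For the benign value both renderings yield a single src attribute. For the value containing a quote, the strip_tags-only rendering produces an extra onerror attribute because the quote closed src early, while the ENT_QUOTES rendering keeps the whole value inside src. The practical rule is that the escaping function must match the output context (attribute, text, URL, JavaScript), and strip_tags is not an escaping function for any of them.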
Update to Mitigate the Risk of Slimstat Exploit
When a plugin is vulnerable, there is little you can do other than update to a fixed version and keep your preventive security measures in place. Beyond updating, a continuous and comprehensive web application firewall that blocks XSS, SQLi, CSRF, and other common attacks adds a second layer of defense. Astra offers one such firewall, which monitors, blocks and reports attempted attacks on your website. Click here to get an Astra demo now.