{"id":35318,"date":"2024-11-01T12:36:01","date_gmt":"2024-11-01T07:06:01","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=35318"},"modified":"2024-12-17T14:09:00","modified_gmt":"2024-12-17T08:39:00","slug":"stored-xss-vulnerability-in-bodi0","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/vulnerability\/stored-xss-vulnerability-in-bodi0\/","title":{"rendered":"Stored XSS Vulnerability in bodi0\u2019s Easy Cache Plugin"},"content":{"rendered":"<div class=\"gb-container gb-container-e43a8917\">\n\n<p class=\"wp-block-paragraph\"><strong>Product Name:<\/strong> bodi0&#8217;s Easy Cache<br><strong>Vulnerability:<\/strong> Stored XSS<br><strong>Vulnerable Version: <\/strong>0.8<br><strong>CVE:<\/strong> CVE-2024-12628<\/p>\n\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><br>On September 16, 2024, the team of pentesters at Astra Security found a stored Cross-Site Scripting (XSS) vulnerability in bodi0\u2019s Easy Cache plugin. The plugin is designed for WordPress and helps optimize caching, speeding up page loading and reducing server load.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A <a href=\"https:\/\/owasp.org\/www-community\/attacks\/xss\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">stored XSS vulnerability<\/a> occurs when an application stores malicious user input without proper sanitization and later serves it to other users of the application.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Does_a_Stored_XSS_Vulnerability_Occur\"><\/span>How Does a Stored XSS Vulnerability Occur?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Stage 1: Injection<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The first stage starts with the attacker injecting malicious payloads or scripts into the application using various methods, such as injecting code into various input fields. 
This can also be achieved by uploading files injected with malicious payloads.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Stage 2: Storage<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The malicious code is stored within the application\u2019s data storage, such as databases, file systems, cookies, or session data.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Stage 3: Retrieval and Execution<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Every time a user visits the page where the payload or infected file is stored or loaded, the code is executed within the user\u2019s browser.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This can lead to threats such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Attackers can obtain sensitive information like session tokens or user credentials stored in the cookies.<\/li>\n\n\n\n<li>Attackers can redirect valid users to malicious websites to try and steal sensitive information.<\/li>\n\n\n\n<li>Attackers can execute arbitrary code on the user\u2019s machine to find sensitive information or download malware\/<a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/ransomware-attacks\/\">ransomware<\/a>, etc.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Impact_of_Stored_XSS_Vulnerability\"><\/span><strong>Impact of Stored XSS Vulnerability<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Session Compromise<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">After a successful injection, attackers can target any user who visits the affected page, causing issues like cookie theft or session hijacking, where user session information is stolen and a valid user is impersonated. This can also lead to account takeovers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. 
Malware and Ransomware Propagation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Unlike reflected XSS, stored XSS is persistent and can be used for malware and ransomware deployment. Once the payload is stored, malicious scripts affect any user accessing the vulnerable page.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Website Defacement<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Malicious scripts can modify the content on web pages, presenting misleading information or making it hard for users to identify malicious content and engage with it. Attackers can also inject advertisements on the web pages, disrupting the user experience.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Current_Status\"><\/span>Current Status<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Upon discovering the vulnerability in bodi0\u2019s Easy Cache plugin, we promptly notified the platform\u2019s developers, providing possible solutions, such as input sanitization, output encoding (HTML encoding) at the server side, and more, that they may implement to avoid any potential exploitation of user data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Currently, they are working on implementing a patch while formulating a long-term solution for the vulnerability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_can_you_do\"><\/span>What can you do?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Update the plugin to the latest version once it is released by the <a href=\"https:\/\/wordpress.org\/plugins\/bodi0s-easy-cache\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">bodi0s-easy-cache<\/a> 
team.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Product Name: bodi0&#8217;s Easy CacheVulnerability: Stored XSSVulnerable Version: 0.8CVE: CVE-2024-12628 On September 16, 2024, the team of pentesters at Astra Security found a stored Cross-Site Scripting or XSS in bodi0\u2019s Easy Cache plugin. It is a plugin designed for WordPress that helps optimize the caching functionality, thus allowing enhanced page loading and reducing the server &#8230; <a title=\"Stored XSS Vulnerability in bodi0\u2019s Easy Cache Plugin\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/vulnerability\/stored-xss-vulnerability-in-bodi0\/\" aria-label=\"Read more about Stored XSS Vulnerability in bodi0\u2019s Easy Cache Plugin\">Read more<\/a><\/p>\n","protected":false},"author":121,"featured_media":35314,"comment_status":"open","ping_status":"0","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[723],"tags":[],"class_list":["post-35318","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/35318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/121"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=35318"}],"version-history":[{"count":4,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/35318\/revisions"}],"predecessor-version":[{"id":36461,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/35318\/revisions\/36461"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/35314"}],"wp:attachment":[{"href":"https:\/\/www.
getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=35318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?post=35318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=35318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}