The PowerPress plugin, which allows WordPress users to publish and manage podcasts, was found to contain a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability allowed authenticated threat actors with contributor-level permissions or higher to inject malicious web scripts into pages, using the plugin’s shortcode, potentially leading to the theft of sensitive information, manipulation of site content, or redirection of users to malicious websites. The vulnerability was fully addressed in version 10.0.2 of the plugin, the latest version is 10.0.7. and all Wordfence users are fully protected against it. However, users are urged to update their sites to the latest patched version of PowerPress as soon as possible to ensure continued security. The vulnerability was disclosed responsibly by the Wordfence Threat Intelligence team, and the PowerPress development team responded swiftly with a patch release.

Key Takeaways:

• The PowerPress plugin, actively installed on over 50,000 WordPress websites, had a stored Cross-Site Scripting (XSS) vulnerability in versions 10.0 and earlier.
• Threat actors with contributor-level permissions or higher could inject malicious web scripts into pages using the plugin’s shortcode.
• The vulnerability has been fully addressed in version 10.0.2 of the plugin, which was released by the developer after prompt disclosure by the Wordfence Threat Intelligence team.
• Currently, the latest version is 10.0.7.

Link to Research Report: https://www.cyfirma.com/outofband/exploiting-the-powerpress-10-0-stored-cross-site-scripting-vulnerability-cve-2023-1917/

https://www.cyfirma.com/