Behind the Code: Identifying Zero-Day Exploits in WordPress

Mohamed Azarudheen Mohamed Mohideen, Muhammad Shahroz Nadeem, James Hardy, haider Ali, Umair Ullah Tariq, Fariza Sabrina, Muhammad Waqar, Salman Ahmed

Research output: Contribution to journalArticlepeer-review

21 Downloads (Pure)

Abstract

The rising awareness of cybersecurity among governments and the public underscores the importance of effectively managing security incidents, especially zero-day attacks that exploit previously unknown software vulnerabilities. These zero-day attacks are particularly challenging because they exploit flaws that neither the public nor developers are aware of. In our study, we focused on dynamic application security testing (DAST) to investigate cross-site scripting (XSS) attacks. We closely examined 23 popular WordPress plugins, especially those requiring user or admin interactions, as these are frequent targets for XSS attacks. Our testing uncovered previously unknown zero-day vulnerabilities in three of these plugins. Through controlled environment testing, we accurately identified and thoroughly analyzed these XSS vulnerabilities, revealing their mechanisms, potential impacts, and the conditions under which they could be exploited. One of the most concerning findings was the potential for admin-side attacks, which could lead to multi-site insider threats. Specifically, we found vulnerabilities that allow for the insertion of malicious scripts, creating backdoors that unauthorized users can exploit. We demonstrated the severity of these vulnerabilities by employing a keylogger-based attack vector capable of silently capturing and extracting user data from the compromised plugins. Additionally, we tested a zero-click download strategy, allowing malware to be delivered without any user interaction, further highlighting the risks posed by these vulnerabilities. The National Institute of Standards and Technology (NIST) recognized these vulnerabilities and assigned them CVE numbers: CVE-2023-5119 for the Forminator plugin, CVE-2023-5228 for user registration and contact form issues, and CVE-2023-5955 for another critical plugin flaw. Our study emphasizes the critical importance of proactive security measures, such as rigorous input validation, regular security testing, and timely updates, to mitigate the risks posed by zero-day vulnerabilities. It also highlights the need for developers and administrators to stay vigilant and adopt strong security practices to defend against evolving threats.
Original languageEnglish
Article number256
Pages (from-to)1-22
Number of pages22
JournalFuture Internet
Volume16
Issue number7
Early online date19 Jul 2024
DOIs
Publication statusPublished online - 19 Jul 2024

Bibliographical note

Publisher Copyright:
© 2024 by the authors.

Keywords

  • zero-day vulnerabilities
  • cross-site scripting
  • WordPress plugins
  • dasT
  • keylogger
  • NIST
  • CVE
  • OWASP
  • DAST

Fingerprint

Dive into the research topics of 'Behind the Code: Identifying Zero-Day Exploits in WordPress'. Together they form a unique fingerprint.

Cite this