
How To Check If Your Wordpress Site Is Vulnerable To XSS Attack - Webmasters - Nairaland


How To Check If Your Wordpress Site Is Vulnerable To XSS Attack by resultcase(m): 5:26pm On Aug 13, 2015
WordPress is the most popular Content Management System (CMS) out there, an open source CMS based on PHP and MySQL. It is very popular due to its flexibility and ease of use; it has numerous themes and plugins, both free and premium. But as we enjoy this great CMS, we should also be wary of the threats our websites could encounter through attacks of various types.

Recently, it has been reported that current versions of WordPress are vulnerable to a stored XSS. Cross-site Scripting, or XSS, is a type of attack using malicious scripts that are injected into web pages. This security vulnerability typically accounts for 87% of all security vulnerabilities, and the malicious content can be delivered in a number of ways.

In reflected cross-site scripting (XSS), the attacker can trick you into clicking a malicious link. The attacker injects browser executable code within a single HTTP response. It means that the injected attack is not stored within the application itself. Reflected XSS is also sometimes referred to as Non-Persistent.

In stored Cross-site Scripting (XSS), malicious content is stored permanently on the target server, such as in a database, comment field, message forum, etc. The malicious script is then retrieved when the stored information is requested from the server. Stored XSS is also referred to as Persistent XSS.

How to test if a site is Vulnerable to XSS?

Testing a website for XSS vulnerability is quite easy. We can test it by modifying a parameter that is sent in the HTTP GET request. For example, first use the following URL in the browser to print a welcome page for a person named John:

http://domain.com/index.html?name=john

This URL is modified to add an extra parameter as shown below:

http://domain.com/index.html?name=<script>alert('You just found an XSS vulnerability')</script>

If the name parameter is not validated at all and the page comes back showing 'You just found an XSS vulnerability', then the site is vulnerable to XSS. There are various methods to test for XSS vulnerability, and this is only one among the few known methods.

WordPress Vulnerability

Vulnerability to a stored XSS was recently announced in WordPress. Due to this vulnerability, any unauthorised attacker can inject JavaScript into WordPress comments. When triggered by a logged-in admin, the attacker can execute arbitrary code on the server via the plugin and theme editors under default settings. The inserted comment has to be longer than 64 kilobytes. The comment text will be truncated when inserted into the database. The exploit needs to get around comment moderation, that is, by posting one harmless comment first before injecting the JavaScript. The attacker can change the administrator's password, create new administrator accounts, or obtain complete administrator access on the target system.

It is therefore advisable to upgrade your WordPress installation to the latest version. You can download the latest version here.

Source: http://www.ss6.net/blog/how-to-check-if-your-wordpress-site-is-vulnerable-to-xss-attack/
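The two situations the post describes, a GET parameter echoed back unescaped and a comment that is cut down to the database column size after it has already been checked, can both be demonstrated offline. The script below is an added example; it is not code from the post, from the ss6.net article it quotes, or from WordPress. The page handlers, the allow-list sanitiser, the 64 KB column limit and the oversized sample comment are all constructed here for illustration.

```python
"""Added example (not from the post or from WordPress): two defender-side checks.

1. Reflected XSS: does a page echo a GET parameter back with its markup intact?
2. Stored XSS via truncation: a comment validated *before* it is cut to the
   database column length can end up stored in a form the validator never saw.
Everything below is constructed inline so it runs with no network access.
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Harmless marker: safe when escaped, unmistakable when reflected verbatim.
PROBE = "<xss-probe>"


def _name_from(url: str) -> str:
    """Pull the ?name= parameter out of a URL (empty string if absent)."""
    return parse_qs(urlsplit(url).query).get("name", [""])[0]


def render_welcome_vulnerable(url: str) -> str:
    """Constructed vulnerable handler: the parameter goes straight into the page."""
    return f"<h1>Welcome {_name_from(url)}</h1>"


def render_welcome_safe(url: str) -> str:
    """Hardened handler: the parameter is HTML-escaped before it reaches the page."""
    return f"<h1>Welcome {html.escape(_name_from(url), quote=True)}</h1>"


def reflects_unescaped(handler, base_url: str = "http://example.invalid/index.html") -> bool:
    """The post's check, automated: request ?name=<probe> and see whether the
    angle brackets survive into the response. True means unescaped reflection."""
    return PROBE in handler(f"{base_url}?name={PROBE}")


# --- stored comments and the column limit -----------------------------------

COLUMN_LIMIT = 65535  # bytes; a MySQL TEXT column, the 64 KB figure in the post
_LINK = re.compile(r'<a href="(https?://[^"<>]*)">([^<>]*)</a>')


def sanitize_comment(raw: str) -> str:
    """Toy allow-list sanitiser (constructed): only <a href="http(s)://..."> links
    survive as markup; every other character is HTML-escaped."""
    out, pos = [], 0
    for m in _LINK.finditer(raw):
        out.append(html.escape(raw[pos:m.start()], quote=True))
        href = html.escape(m.group(1), quote=True)
        text = html.escape(m.group(2), quote=True)
        out.append(f'<a href="{href}">{text}</a>')
        pos = m.end()
    out.append(html.escape(raw[pos:], quote=True))
    return "".join(out)


def truncate_to_column(text: str) -> str:
    """What a fixed-size column does silently: cut at the byte limit."""
    return text.encode("utf-8")[:COLUMN_LIMIT].decode("utf-8", errors="ignore")


def looks_truncated_markup(stored: str) -> bool:
    """Cheap integrity check on what is actually in the database: a '<' after the
    last '>' means a tag was cut open and the sanitiser's guarantee no longer holds."""
    return stored.rfind("<") > stored.rfind(">")


def store_comment_unsafe(raw: str) -> str:
    """Sanitise, then let the column truncate: validation happened on different bytes
    from the ones that were stored."""
    return truncate_to_column(sanitize_comment(raw))


def store_comment_safe(raw: str):
    """Enforce the limit on the sanitised output itself. An oversized comment is
    rejected (None) instead of being cut down; nothing unchecked reaches storage."""
    clean = sanitize_comment(raw)
    if len(clean.encode("utf-8")) > COLUMN_LIMIT:
        return None
    return clean


# Constructed sample: filler text followed by a link whose href runs past the limit.
OVERSIZED_COMMENT = (
    "a" * (COLUMN_LIMIT - 20)
    + '<a href="http://example.invalid/' + "b" * 100 + '">link</a>'
)

if __name__ == "__main__":
    print("vulnerable handler reflects probe:", reflects_unescaped(render_welcome_vulnerable))
    print("hardened handler reflects probe:  ", reflects_unescaped(render_welcome_safe))
    cut = store_comment_unsafe(OVERSIZED_COMMENT)
    print("sanitise-then-truncate leaves an open tag:", looks_truncated_markup(cut))
    print("limit-then-store rejects it:", store_comment_safe(OVERSIZED_COMMENT) is None)
```

The reflection check is deliberately not a payload: a marker with angle brackets is enough to tell an unescaped echo from an escaped one, and it is what a scanner or a regression test should look for. The second half shows why "validated on the way in" is not the same as "safe in storage": the sanitiser only vouches for the exact bytes it returned, so a length limit has to be applied to that output (and an oversized comment refused) rather than left to the column to enforce afterwards.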
Re: How To Check If Your Wordpress Site Is Vulnerable To XSS Attack by jammani(m): 5:36pm On Aug 13, 2015
Thank you
Re: How To Check If Your Wordpress Site Is Vulnerable To XSS Attack by resultcase(m): 5:59pm On Aug 13, 2015
jammani:
Thank you

You're welcome.
