CVE-2021-24878 Scanner

SupportCandy is a WordPress plugin used to create and manage support tickets. It is widely used by businesses and individuals who require a lightweight and efficient solution for handling customer support inquiries. The plugin offers various features including ticket creation, management, and email notifications. SupportCandy can be integrated with various other tools and plugins to enhance its functionality. It is available on the WordPress repository and has a significant user base owing to its ease of use and flexibility. The plugin is actively maintained to address vulnerabilities and feature requests.

The vulnerability identified in SupportCandy relates to Cross-Site Scripting (XSS), specifically in the [wpsc_create_ticket] shortcode embed. Attacks exploiting this vulnerability allow the execution of arbitrary scripts in the context of the user's browser. Such XSS vulnerabilities pose significant security risks, including potential for account hijacking and data theft. The issue arises due to improper sanitization and escaping of query strings, allowing attackers to inject malicious scripts. This vulnerability is particularly concerning because it requires minimal interaction from users. Therefore, it is crucial for affected installations to update to the patched version.

The technical details of the Cross-Site Scripting vulnerability in SupportCandy revolve around the improper handling of query strings. When an attacker crafts a specific URL that includes a malicious payload, this payload is rendered erroneously on the affected page. The vulnerable parameter was identified within the query string used by the [wpsc_create_ticket] shortcode. By embedding a script in this parameter, attackers can manipulate the executed content. The system fails to escape these inputs, leading to script execution that conforms to client-side rendered environments.

Exploitation of this vulnerability can lead to severe consequences. A successful attack could enable malicious entities to execute scripts in the context of another user's browser, potentially leading to session hijacking. Sensitive user data like authentication tokens could be compromised, posing privacy risks. Additionally, this could facilitate further social engineering attacks through deceptive content rendering. The security and integrity of client communications are at risk until the vulnerability is remediated. Users are therefore urged to upgrade or apply security patches immediately.

REFERENCES

• https://nvd.nist.gov/vuln/detail/CVE-2021-24878
• https://github.com/andrewcy86/supportcandy(plugin)
• https://wpscan.com/vulnerability/d2f1fd60-5e5e-4e38-9559-ba2d14ae37bf/