CVE-2023-7246 Scanner

System Dashboard is a WordPress plugin that provides a detailed overview of site metrics and system status directly from the admin panel. It is often used by administrators to monitor performance, view resource usage, and gather server details. The plugin is especially useful in multisite environments where centralized monitoring is necessary. With its lightweight interface and useful summaries, it has become a go-to tool for WordPress site maintenance. The plugin integrates into the WordPress admin dashboard and displays server details such as IP addresses, user agents, and uptime. However, certain data displayed can be influenced by user-controlled headers, which introduces potential security risks.

This scanner targets a medium-severity Cross-Site Scripting (XSS) vulnerability found in System Dashboard versions prior to 2.8.10. The issue stems from the plugin's failure to sanitize or escape the `X-Forwarded-For` HTTP header. In multisite configurations, authenticated administrators can exploit this flaw to inject malicious JavaScript that gets reflected and executed in the browser of another admin. The vulnerability specifically affects the IP display section of the dashboard. While the vulnerability requires authentication, the ability to compromise other admin accounts through reflected XSS increases its impact. This makes it a notable concern in shared or team-managed WordPress environments.

The vulnerability is exploited through a specially crafted `X-Forwarded-For` header containing a script payload. When the affected admin panel page is loaded, the plugin reflects this header’s content into the HTML output without proper encoding. The scanner performs a login sequence and then accesses the vulnerable page with a payload in the `X-Forwarded-For` header. Successful injection is confirmed if the response contains both the payload and plugin-specific markers like "Your IP". This confirms that the script was improperly reflected and would execute in a real browser context.

Successful exploitation allows malicious administrators to perform session hijacking, manipulate plugin settings, or redirect users to phishing or malware-hosting sites. This could lead to privilege escalation or unauthorized changes in the WordPress environment. Although the vulnerability is limited to authenticated users, the trust placed in admin accounts makes such issues highly sensitive. The attack could also be automated to affect multiple subsites in a network, increasing its potential damage. Prompt remediation is required to prevent malicious intra-admin activity in multisite environments.

REFERENCES

• https://wpscan.com/vulnerability/7413d5ec-10a7-4cb8-ac1c-4ef554751518/
• https://research.cleantalk.org/cve-2023-7246/
• https://nvd.nist.gov/vuln/detail/CVE-2023-7246