
CVE-2024-9772 Scanner
CVE-2024-9772 Scanner - Code Injection vulnerability in WordPress UIX Shortcodes
Short Info
- Level: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 23 days 18 hours
- Scan only one: Domain, Subdomain, IPv4
- Toolbox: -
The UIX Shortcodes plugin for WordPress is widely used by website administrators and developers to extend the functionality of WordPress websites. It allows users to implement custom shortcodes for various WordPress features without extensive coding knowledge. The plugin is especially popular among WordPress users who work with the Gutenberg editor, because of its compatibility and its ability to create dynamic content. Small to medium-sized business owners who maintain their own websites also frequently use it to add custom features, and content creators who need flexible, dynamic content presentation often rely on it. Its widespread use makes its security important, since it runs inside the site's content management system.
The vulnerability identified in this plugin is a code injection flaw, specifically arbitrary shortcode execution without proper validation. Shortcodes are a standard way to execute code within WordPress, and this vulnerability lets unauthorized users trigger that execution. Attackers can craft requests that execute shortcodes on vulnerable installations, bypassing the normal security checks. The root cause is a lack of input validation before the input is passed to the `do_shortcode` function. As a result, malicious users can run unauthorized shortcodes, which may lead to further security risks. Proper validation stages were likely overlooked during development, resulting in this risk.
The flaw lies in the plugin's failure to validate shortcode input in its action handler reachable through admin-ajax.php. Because the input is not sanitized, user-supplied data is executed as a shortcode when it is passed to the `do_shortcode` function. This potentially exposes any site using the plugin to unauthorized actions triggered by attackers. The tested endpoint is admin-ajax.php, using POST requests with the action parameter `uixscform_ajax_shortcodepreview`. An attacker sending a crafted request sees the supplied input executed on the site, which confirms the flaw. It could open the door to further exploitation if combined with other vulnerabilities.
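A defender-side check for the request pattern described above, added here as an example and not code from the scanner vendor or the plugin: it walks constructed request records, in the shape a WAF or reverse proxy with body logging might export, and flags admin-ajax.php calls that carry the `uixscform_ajax_shortcodepreview` action, noting whether any parameter already looks like a shortcode. The record layout, field names and sample values are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample records (not real traffic), one per HTTP request, as a
# WAF or reverse proxy that logs request bodies might export them.
SAMPLE_REQUESTS = [
    {"src": "203.0.113.10", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "body": "action=uixscform_ajax_shortcodepreview&shortcode=%5Buix_button%5D"},
    {"src": "198.51.100.7", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "body": "action=heartbeat&_nonce=abc"},
    {"src": "203.0.113.10", "method": "GET",
     "uri": "/wp-admin/admin-ajax.php?action=uixscform_ajax_shortcodepreview",
     "body": ""},
    {"src": "192.0.2.5", "method": "POST", "uri": "/contact/", "body": "name=x"},
]

VULN_ACTION = "uixscform_ajax_shortcodepreview"   # action named in the advisory
SHORTCODE_RE = re.compile(r"\[[a-z0-9_-]+")        # opening of a [shortcode ...] tag


def extract_request_params(rec):
    """Return (path, params) with query-string and POST-body fields merged."""
    url = urlsplit(rec["uri"])
    params = parse_qs(url.query)
    if rec["method"] == "POST":
        for key, values in parse_qs(rec["body"]).items():
            params.setdefault(key, []).extend(values)
    return url.path, params


def find_shortcode_preview_requests(records):
    """Flag admin-ajax.php requests invoking the vulnerable action."""
    findings = []
    for rec in records:
        path, params = extract_request_params(rec)
        if not path.endswith("/wp-admin/admin-ajax.php"):
            continue
        if VULN_ACTION not in params.get("action", []):
            continue
        # Surface any parameter that already looks like a shortcode, since the
        # handler hands its input to do_shortcode without validation.
        payload = " ".join(v for values in params.values() for v in values)
        findings.append({"src": rec["src"], "method": rec["method"],
                         "has_shortcode": bool(SHORTCODE_RE.search(payload))})
    return findings


if __name__ == "__main__":
    for finding in find_shortcode_preview_requests(SAMPLE_REQUESTS):
        print(finding)
```

Standard web server access logs do not record POST bodies, so the action is only visible there when it travels in the query string; catching the POST form needs body-level logging at the WAF, proxy or application layer.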
When exploited, this vulnerability could allow an attacker to execute unauthorized code on WordPress websites that use this plugin. This can lead to data exposure, unauthorized changes to the website, or further compromise through follow-on attacks. Exploitation can disrupt the normal operation of affected sites and enables more complex attacks, such as compromising user data or planting backdoors. Consequently, it poses a risk of significant reputational and operational damage to owners of vulnerable sites.
REFERENCES
- https://nvd.nist.gov/vuln/detail/CVE-2024-9772
- https://downloads.wordpress.org/plugin/uix-shortcodes.1.9.7.zip
- https://plugins.trac.wordpress.org/browser/uix-shortcodes/trunk/shortcodes/templates/default/frontpage-init.php#L9
- https://wordpress.org/plugins/uix-shortcodes/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3000758d-68e0-46a6-aef0-e2407a828168?source=cve