{"id":16308,"date":"2019-09-12T14:40:04","date_gmt":"2019-09-12T22:40:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/09\/12\/news-10050\/"},"modified":"2019-09-12T14:40:04","modified_gmt":"2019-09-12T22:40:04","slug":"news-10050","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/09\/12\/news-10050\/","title":{"rendered":"WordPress (Core) Stored XSS Vulnerability"},"content":{"rendered":"
\n
\n

FortiGuard Labs Breaking Threat Research<\/i><\/p>\n

Overview<\/h2>\n

WordPress is the world\u2019s most popular Content Management System (CMS). It has 60.4% of the global CMS market share<\/a>, which is far higher than the second-place Joomla!, which only has 5.2% of the market share. As a result, over a third of all of the websites on the Internet were built using WordPress.<\/p>\n

The FortiGuard Labs team recently discovered a stored Cross-Site Scripting (XSS) zero-day vulnerability in WordPress<\/a>. This XSS vulnerability is caused by the new built-in editor Gutenberg found in WordPress 5.0. The editor fails to filter the JavaScript\/HTML code in the Shortcode error message. This allows a remote attacker with Contributor or higher permission to execute arbitrary JavaScript\/HTML code in the browser of victims who access the compromised webpage. If the victim has high permission, such as an administrator, the attacker could even compromise the web server.<\/p>\n

This stored XSS vulnerability affects WordPress versions from 5.0 to 5.2.2.<\/p>\n

Analysis<\/h2>\n

In WordPress 5.0, users can add Shortcode blocks to a post. When adding certain HTML encoded characters like \u201c&lt;\u201d to the Shortcode block and then re-opening this post, it shows an error message and previews it by decoding the \u201c&lt;\u201d to \u201c<\u201d.\u00a0<\/p>\n<\/p><\/div>\n