Researchers at RIPS Technologies have disclosed two XSS vulnerabilities on the WordPress.org site that they discovered back in May of this year. One of the bugs had wormable potential. The researchers use the findings to remind the community once again that compromising a single plugin for a popular CMS can have very large-scale consequences; the recent case of the WP GDPR Compliance plugin, a vulnerability in which was used to hijack sites, is a case in point. This time, however, the problems were found not in the plugins themselves but on the WordPress.org site itself, in the official plugin repository.

The first vulnerability was noticed almost by accident: the researchers were working on the coderisk.com service and needed to implement sorting across all available versions of the WordPress plugins provided in the official repository. Since there is no universal versioning scheme, it turned out that the developers of more than 50,000 plugins number their products however they please (the researchers describe some of these versioning schemes outright as "exotic").
After discovering this bug, the researchers decided to check the entire WordPress.org codebase with their own static code analyzer, RIPS. The check revealed a second XSS vulnerability on the official CMS website, this time in the dashboard at WordPress.org/plugins; this bug was a reflected XSS. Both problems have since been fixed, and the researchers once again draw the community's attention to just how dangerous plugin-related vulnerabilities can be.