Impact Analysis

This vulnerability can allow attackers with Contributor-level or higher permissions to inject malicious scripts into pages viewed by other users. If a victim clicks on a maliciously crafted link, the injected script can execute in their browser.

Potential impacts include theft of user session cookies, defacement of the website, redirection to malicious sites, or performing actions on behalf of the victim user.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Executive Summary

The Writeprint Stylometry plugin for WordPress (version 0.1 and earlier) is vulnerable to Reflected Cross-Site Scripting (XSS) via the 'p' GET parameter. This vulnerability arises because the plugin's function bjl_wprintstylo_comments_nav() outputs the 'p' parameter directly into an HTML href attribute without proper escaping or sanitization.

As a result, an authenticated attacker with Contributor-level permissions or higher can inject arbitrary web scripts that execute when another user is tricked into clicking a crafted link.

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves the Writeprint Stylometry WordPress plugin version 0.1, which is vulnerable to Reflected Cross-Site Scripting (XSS) via the 'p' GET parameter due to insufficient input sanitization and output escaping."}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you can check if the Writeprint Stylometry plugin version 0.1 is installed and active on your WordPress site.'}, {'type': 'paragraph', 'content': "You can also test for the vulnerability by sending crafted HTTP GET requests to the affected plugin's pages, injecting script payloads into the 'p' parameter and observing if the payload is reflected unescaped in the HTML response."}, {'type': 'list_item', 'content': 'Use curl or wget to send a request with a test XSS payload, for example: curl -i "http://yourwordpresssite.com/wp-admin/admin.php?page=writeprint-stylometry&p=<script>alert(1)</script>"'}, {'type': 'list_item', 'content': "Inspect the response HTML for unescaped script tags or injected JavaScript in the href attribute related to the 'p' parameter."}, {'type': 'list_item', 'content': 'Scan your WordPress plugins directory for the presence of the Writeprint Stylometry plugin version 0.1.'}, {'type': 'list_item', 'content': 'Use vulnerability scanners or WordPress security plugins that can detect known vulnerable plugins and XSS issues.'}] [2, 3]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, you should:

• Disable or uninstall the Writeprint Stylometry plugin version 0.1 from your WordPress installation if it is not essential.
• If you must use the plugin, restrict Contributor-level or higher user permissions carefully to trusted users only, as the vulnerability requires authenticated users with such permissions.
• Apply input sanitization and output escaping patches if available from the plugin author or security community.
• Use Web Application Firewalls (WAF) to block malicious payloads targeting the 'p' GET parameter.
• Monitor your WordPress logs and user activity for suspicious actions or exploitation attempts.
• Keep your WordPress core, themes, and plugins updated to the latest versions to reduce exposure to known vulnerabilities.

Useful 0 Not Useful 0