Detection Guidance

This vulnerability affects the MinhNhut Link Gateway plugin for WordPress versions up to 3.6.1, specifically in multi-site installations or where unfiltered_html is disabled. Detection involves checking for the presence of this plugin and its version, as well as inspecting the plugin's settings fields (Description, Title, and others) for injected scripts.

Since the vulnerability requires Administrator-level access to inject scripts, detection commands should focus on identifying the plugin version and scanning for suspicious script tags in the plugin's settings stored in the WordPress database.

• Use WP-CLI to check the installed plugin version: `wp plugin list --format=json | jq '.[] | select(.name=="link_gateway")'`
• Query the WordPress database to look for suspicious script tags in the plugin's settings, for example using MySQL: `SELECT option_name, option_value FROM wp_options WHERE option_name LIKE '%link_gateway%' AND option_value LIKE '%<script>%';`
• Monitor HTTP traffic for unexpected script execution on redirect pages related to the plugin, which may indicate exploitation.

Useful 0 Not Useful 0

Executive Summary

The MinhNhut Link Gateway plugin for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in its settings fields such as Description and Title. This vulnerability exists in all versions up to and including 3.6.1 due to insufficient input sanitization and output escaping.

Authenticated users with Administrator-level access or higher can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts execute whenever a user accesses the redirect page.

This issue specifically affects multi-site WordPress installations and installations where the unfiltered_html capability has been disabled.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows attackers with administrator privileges to inject malicious scripts that execute in the context of users visiting the affected redirect pages.

Such script execution can lead to unauthorized actions, data theft, session hijacking, or defacement of the website.

Because the vulnerability requires high privileges and affects multi-site or restricted HTML installations, the risk is somewhat limited but still significant for affected environments.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should update the MinhNhut Link Gateway plugin for WordPress to a version later than 3.6.1 where the issue is fixed.

Additionally, ensure that your WordPress installation is not a multi-site setup or that the unfiltered_html setting is enabled, as the vulnerability only affects multi-site installations or those with unfiltered_html disabled.

Limit Administrator-level access to trusted users only, since exploitation requires authenticated users with such privileges.

Useful 0 Not Useful 0