Detection Guidance

This vulnerability can be detected by monitoring requests to the '/wp-json/agwp/v1/tokens/save' endpoint, specifically looking for suspicious or unexpected input in the 'kit title' parameter that could indicate an attempt to inject stored cross-site scripting payloads.

Since the vulnerability requires authenticated contributor-level access or higher, detection can also involve auditing user actions and API calls made by users with such privileges.

Example commands to detect suspicious activity might include using web server logs or network monitoring tools to filter requests:

• Using grep on web server logs to find requests to the vulnerable endpoint: grep "/wp-json/agwp/v1/tokens/save" /var/log/apache2/access.log
• Searching for suspicious script tags or encoded payloads in the 'kit title' parameter within logs: grep -iE "<script|%3Cscript" /var/log/apache2/access.log
• Using network monitoring tools like Wireshark or tcpdump to capture and analyze HTTP POST requests to the endpoint.

Useful 0 Not Useful 0

Executive Summary

The vulnerability exists in the Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress, specifically in versions up to and including 2.5.0. It is a Stored Cross-Site Scripting (XSS) vulnerability that occurs via the '/wp-json/agwp/v1/tokens/save' endpoint's kit title parameter. This happens because the plugin does not properly sanitize input or escape output in an admin attribute context. As a result, an authenticated attacker with contributor-level access or higher can inject malicious web scripts into pages, which will execute whenever any user accesses the infected page.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers with contributor-level access or above to inject arbitrary scripts into the website. These scripts can execute in the context of users visiting the infected pages, potentially leading to unauthorized actions such as stealing session cookies, defacing the website, or performing actions on behalf of other users without their consent. This compromises the integrity and security of the affected WordPress site.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include updating the Style Kits – Advanced Theme Styles for Elementor plugin to a version later than 2.5.0 where the vulnerability is fixed.

If an update is not immediately possible, restrict contributor-level and higher user access to trusted users only, as the vulnerability requires authenticated contributor-level access.

Additionally, monitor and audit API requests to the '/wp-json/agwp/v1/tokens/save' endpoint for suspicious activity and consider temporarily disabling or restricting access to this endpoint if feasible.

Useful 0 Not Useful 0