Here we are discussing one of the vulnerabilities fixed in the WordPress 6.0.3 security release, a Cross-Site Scripting (XSS) issue. Its CVSS score is 8.8, its severity is rated high, and affected sites must be updated as soon as possible.
A cross-site scripting vulnerability occurs when an attacker gets a malicious script executed in the victim's browser in the context of the vulnerable site; from there the script can steal the user's session or credentials and act on the user's behalf.
A stored XSS attack occurs when the malicious script is saved on the website itself (for example in a comment, widget or post) and is executed whenever a logged-in user visits a page that contains it.
Cross-Site Request Forgery (CSRF)
As stated by OWASP, Cross-Site Request Forgery (CSRF) is an attack that forces a user who is currently logged in to a web application to perform actions they did not intend to perform.
Sending a link via email or chat is enough for an attacker to make the user's browser perform some unwanted action in a web application, because the browser attaches the user's cookies to the forged request.
The result can be theft of sensitive information, including financial data, or its use for fraud. More technically, the trackback feature of WordPress is a notification that a WordPress site sends to an external site when you link to that site in your content. The code handling incoming trackbacks did not explicitly state which user identity the request acts under. Taking advantage of that ambiguity, an unauthenticated user could trigger a trackback that was processed under another user's identity and performed an action as that user; the correct identity value for an unauthenticated request is 0.
In other words, WordPress did not perform CSRF validation at this point: the trackback and pingback handling did not validate the request when a new comment was added to a blog. This meant an attacker could add comments attributed to administrator-level usernames on a WordPress blog.
A CSRF attack is the digital equivalent of forging a signature: the attacker gets the victim's "signature" on a request without leaving a trace, and the victim's browser is forced to execute one or more unwanted requests against a given site. Numerous well-known plugins have had flaws that left WordPress websites open to CSRF attacks, so plugin developers must build in protection against them.
Avoid CSRF Attacks with Nonces
A nonce is a security token used to decide whether a request is legitimate. It protects URLs and forms from triggering unwanted actions, and it confirms that the request was made by the authenticated user to whom the token was issued, which greatly reduces the risk of CSRF. WordPress provides several nonce functions (for creating, embedding and verifying tokens) to protect against CSRF. Note that a WordPress nonce is not strictly single-use: it is tied to the user's session and to a named action, and it stays valid for a limited time (by default up to 24 hours). When you add a nonce to a form, generate it fresh on every page load rather than hard-coding it, and verify it server-side on every request that performs the action, so that a request whose nonce is missing, expired or issued for another user or action is rejected.
<input name="form_nonce" type="hidden" value="<?php echo esc_attr( wp_create_nonce( 'test-nonce' ) ); ?>" />
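The following is an added example, not code from the original article or from WordPress core. It shows a plugin handler that is open to CSRF because it relies on the capability check alone, the same handler hardened with a nonce that is embedded in the form and verified before anything else happens, and a non-fatal verification helper. It assumes it runs inside a WordPress plugin; the option name `demo_setting`, the action `demo_save_setting`, the field name `demo_nonce` and the admin page slug `demo` are hypothetical.

```php
<?php
// Added example, not the article's or WordPress's own code.
// Assumes it is loaded as a WordPress plugin, so wp_nonce_field(),
// check_admin_referer(), wp_verify_nonce(), current_user_can() and
// update_option() are available. Names below are hypothetical.

// Vulnerable handler: the capability check passes for a forged request,
// because the victim's browser sends the admin's cookies with it. Any
// attacker page that auto-submits a POST to admin-post.php with
// action=demo_save_setting can change the setting.
function demo_save_setting_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    update_option(
        'demo_setting',
        sanitize_text_field( wp_unslash( $_POST['demo_setting'] ?? '' ) )
    );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo' ) );
    exit;
}

// Form rendering: wp_nonce_field() emits a hidden input named demo_nonce
// (tied to the current user's session and the 'demo_save_setting' action)
// plus a _wp_http_referer field. The token is generated on every page load.
function demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_setting" />
        <?php wp_nonce_field( 'demo_save_setting', 'demo_nonce' ); ?>
        <input type="text" name="demo_setting"
               value="<?php echo esc_attr( get_option( 'demo_setting', '' ) ); ?>" />
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Hardened handler: the nonce is checked first. An attacker's page cannot
// read the victim's nonce (same-origin policy), so a forged POST dies here
// before the capability check or the state change. check_admin_referer()
// calls wp_die() when the nonce is missing, expired, or for another
// user or action.
function demo_save_setting_hardened() {
    check_admin_referer( 'demo_save_setting', 'demo_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    update_option(
        'demo_setting',
        sanitize_text_field( wp_unslash( $_POST['demo_setting'] ?? '' ) )
    );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo' ) );
    exit;
}
add_action( 'admin_post_demo_save_setting', 'demo_save_setting_hardened' );

// Non-fatal variant for code paths that want to decide for themselves
// (custom endpoints, AJAX callbacks). wp_verify_nonce() returns 1 for a
// nonce issued in the current 12-hour tick, 2 for one from the previous
// tick, and false for anything else.
function demo_nonce_is_valid( $nonce ) {
    $result = wp_verify_nonce( (string) $nonce, 'demo_save_setting' );
    return 1 === $result || 2 === $result;
}
```

Note that the nonce check must precede the state change and must not be skipped for "trusted" callers: the trackback handler discussed above went wrong precisely because a request path that adds a comment was processed without this kind of validation. For AJAX handlers, `check_ajax_referer()` plays the same role as `check_admin_referer()`.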
Users can help too: keep your device free of malicious software, and log out of a site when you are finished with it. Checking the Referer header is sometimes used as a defence against CSRF, but it is considered unreliable because the header may be missing or stripped. In online banking, sites add two-factor authentication to prevent fraud. Website operators can likewise protect their users from CSRF attacks by applying the measures above.