Security Flaw in WP-Members Plugin Leads to Script Injection

02-Apr-24

The vulnerability, identified as CVE-2024-1852, arises from inadequate input sanitization and output escaping, which permits an adversary to create accounts in which a malicious script is saved as the user's IP address.


According to Defiant’s Wordfence research team, an attacker could use the user registration functionality of WP-Members Membership to fill out and submit a registration form. They could then use a proxy to intercept the registration request and modify it to contain an X-Forwarded-For header with a malicious payload enclosed in script tags.


The malicious script is saved in the user’s profile, and when an administrator views or edits the user account, the payload is included in the generated page source as the page loads.


The problem lies in the way the plugin stores the IP address of any user who uses the registration form when an X-Forwarded-For header is included in the request.



The notice stated that “a user could supply any value, including a malicious web script that will be stored as the user’s IP because HTTP headers can be manipulated and the input was not sanitised.”
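
The two missing controls described above (validating the header on input, escaping the stored value on output), shown as an added PHP example that is not WP-Members' own code. The function names and request arrays are hypothetical and constructed, and `htmlspecialchars()` stands in for WordPress's `esc_html()` so the snippet runs without WordPress.

```php
<?php
// Added illustration; function names are hypothetical, not WP-Members code.

// Weak pattern: trust X-Forwarded-For as the client IP with no validation.
function capture_ip_unvalidated(array $server): string {
    return $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'] ?? '';
}

// Hardened capture: accept a forwarded value only if it parses as an IP,
// otherwise fall back to the socket address, which the client cannot set.
function capture_ip_validated(array $server): string {
    $candidates = [];
    if (isset($server['HTTP_X_FORWARDED_FOR'])) {
        // The header may carry a comma-separated chain; take the first entry.
        $candidates[] = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    $candidates[] = $server['REMOTE_ADDR'] ?? '';
    foreach ($candidates as $value) {
        if (filter_var($value, FILTER_VALIDATE_IP) !== false) {
            return $value;
        }
    }
    return ''; // nothing usable: store an empty value rather than raw input
}

// Escape on output as well, so a value stored before the fix stays inert.
// WordPress code would normally call esc_html() here.
function render_ip_cell(string $stored): string {
    return '<td>' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '</td>';
}

// Constructed request data: documentation-range addresses, inert marker.
$spoofed = [
    'HTTP_X_FORWARDED_FOR' => '<script>/* constructed marker */</script>',
    'REMOTE_ADDR'          => '203.0.113.7',
];
$proxied = [
    'HTTP_X_FORWARDED_FOR' => '198.51.100.23, 203.0.113.7',
    'REMOTE_ADDR'          => '203.0.113.7',
];

echo capture_ip_unvalidated($spoofed), "\n"; // header text kept verbatim
echo capture_ip_validated($spoofed), "\n";   // header rejected, socket IP used
echo capture_ip_validated($proxied), "\n";   // first entry of the chain
echo render_ip_cell(capture_ip_unvalidated($spoofed)), "\n"; // entity-encoded
```

A forwarded address that passes validation is still client-supplied unless the request arrived through a proxy the site controls, so it should be treated as informational rather than as an identity.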
