800,000+ websites use the Complianz WordPress GDPR/CCPA Cookie Consent plugin, which has an XSS vulnerability.
A well-known WordPress privacy compliance plugin with over 800,000 installations recently patched a stored XSS vulnerability that may have allowed an attacker to upload malicious scripts and launch attacks against site users.
Complianz – GDPR/CCPA Cookie Consent Plugin for WordPress
The Complianz plugin for WordPress helps website owners comply with privacy regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
The plugin controls several areas of user privacy, such as managing cookie consent (including by subregion), preventing third-party cookies, and controlling other cookie banner-related issues.
With over 800,000 installations at the time of writing, the plugin’s popularity is likely explained by how adaptable and broadly useful it is.
Stored XSS Vulnerability in the Complianz Plugin
A stored cross-site scripting (XSS) vulnerability in the Complianz WordPress plugin allowed users to upload malicious scripts directly to the website’s server. A stored XSS serves the malicious script from the target website’s own server, whereas a reflected XSS requires a site user to click a crafted link.
The vulnerability stems from two security measures that were missing from the Complianz admin settings:
- Input Sanitization
The plugin did not perform enough input sanitization or output escaping. Input sanitization is the common procedure of checking that data entered into a form field on a website is what is expected, for example plain text rather than a script.
The official WordPress developer handbook defines data sanitization as follows:
The process of protecting, clearing, and filtering input data is known as “sanitizing input.” Sanitization is not as specific as validation, which is why validation is favored. When “more specific” isn’t feasible, though, sanitization is the next best thing.
- Output Escaping
The plugin also lacked output escaping, a security measure that removes unwanted data before it is rendered for a user.
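As an added illustration (not code from the Complianz plugin or from this article), the following Python models the two missing measures: a settings value that is stored and rendered without either, beside the same flow with input sanitization and output escaping. The sanitize_text_field and esc_html helpers are simplified stand-ins for the WordPress functions of the same name, and the submitted heading is constructed sample data.

```python
import html
import re

# Constructed sample input: a cookie-banner heading submitted through a
# plugin's admin settings form, carrying a script tag. Example data only,
# not a real payload from the advisory.
SUBMITTED_HEADING = 'We use cookies <script>alert(1)</script>'

_TAG_RE = re.compile(r"<[^>]*>")


def sanitize_text_field(value: str) -> str:
    """Input sanitization, modelled on WordPress sanitize_text_field():
    strip tags, then collapse line breaks and runs of whitespace."""
    return " ".join(_TAG_RE.sub("", value).split())


def esc_html(value: str) -> str:
    """Output escaping, modelled on WordPress esc_html(): encode the
    characters that the browser would otherwise parse as markup."""
    return html.escape(value, quote=True)


# --- Before: neither measure applied (the pattern the advisory describes) ---
def save_setting_vulnerable(options: dict, key: str, value: str) -> None:
    options[key] = value                       # stored exactly as submitted


def render_heading_vulnerable(options: dict, key: str) -> str:
    return f"<h2>{options[key]}</h2>"          # stored markup reaches the browser


# --- After: sanitize on the way in, escape on the way out ---
def save_setting_hardened(options: dict, key: str, value: str) -> None:
    options[key] = sanitize_text_field(value)  # tags never reach the database


def render_heading_hardened(options: dict, key: str) -> str:
    return f"<h2>{esc_html(options[key])}</h2>"  # defence in depth at render time


def contains_script(markup: str) -> bool:
    """Check used by the demo: does the rendered fragment carry a live script tag?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    before, after = {}, {}
    save_setting_vulnerable(before, "banner_title", SUBMITTED_HEADING)
    save_setting_hardened(after, "banner_title", SUBMITTED_HEADING)
    print("vulnerable:", render_heading_vulnerable(before, "banner_title"))
    print("hardened:  ", render_heading_hardened(after, "banner_title"))
```

Even if a raw value did reach the database (for example through an older record), the escaping step alone still neutralises it at render time, which is why both measures are expected in plugin settings code.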
How Much of a Risk Is There?
To exploit this vulnerability, an attacker must already hold administrator-level permissions or higher. This likely explains why the vulnerability received a score of 4.4 out of 10 (10 being the highest possible score).
Additionally, the vulnerability is limited to certain types of installations.
As stated by Wordfence:
This allows authorized attackers to insert arbitrary web scripts into sites that will run whenever a user visits a page that has been injected, provided they have administrator-level rights or higher.
Only multi-site installs and installations with unfiltered_html disabled are impacted by this.
Upgrade To The Most Recent Version
Complianz versions 6.5.5 and earlier are vulnerable. Users are advised to update to version 6.5.6 or later.