Behind the Code: Identifying Zero-Day Exploits in WordPress-Reference-Cited by-同舟云学术

Behind the Code: Identifying Zero-Day Exploits in WordPress

Published:2024-07-19 Issue:7 Volume:16 Page:256
ISSN:1999-5903
Container-title:Future Internet
language:en
Short-container-title:Future Internet

Author:

Mohamed Mohideen Mohamed Azarudheen¹^ORCID,Nadeem Muhammad Shahroz²,Hardy James¹,Ali Haider¹,Tariq Umair Ullah³,Sabrina Fariza³^ORCID,Waqar Muhammad²^ORCID,Ahmed Salman²

Affiliation:

1. School of Computing, University of Derby, Derby DE22 3AW, UK

2. School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK

3. School of Engineering and Technology, Central Queensland University, Rockhampton, QLD 4701, Australia

Abstract

The rising awareness of cybersecurity among governments and the public underscores the importance of effectively managing security incidents, especially zero-day attacks that exploit previously unknown software vulnerabilities. These zero-day attacks are particularly challenging because they exploit flaws that neither the public nor developers are aware of. In our study, we focused on dynamic application security testing (DAST) to investigate cross-site scripting (XSS) attacks. We closely examined 23 popular WordPress plugins, especially those requiring user or admin interactions, as these are frequent targets for XSS attacks. Our testing uncovered previously unknown zero-day vulnerabilities in three of these plugins. Through controlled environment testing, we accurately identified and thoroughly analyzed these XSS vulnerabilities, revealing their mechanisms, potential impacts, and the conditions under which they could be exploited. One of the most concerning findings was the potential for admin-side attacks, which could lead to multi-site insider threats. Specifically, we found vulnerabilities that allow for the insertion of malicious scripts, creating backdoors that unauthorized users can exploit. We demonstrated the severity of these vulnerabilities by employing a keylogger-based attack vector capable of silently capturing and extracting user data from the compromised plugins. Additionally, we tested a zero-click download strategy, allowing malware to be delivered without any user interaction, further highlighting the risks posed by these vulnerabilities. The National Institute of Standards and Technology (NIST) recognized these vulnerabilities and assigned them CVE numbers: CVE-2023-5119 for the Forminator plugin, CVE-2023-5228 for user registration and contact form issues, and CVE-2023-5955 for another critical plugin flaw. Our study emphasizes the critical importance of proactive security measures, such as rigorous input validation, regular security testing, and timely updates, to mitigate the risks posed by zero-day vulnerabilities. It also highlights the need for developers and administrators to stay vigilant and adopt strong security practices to defend against evolving threats.

Publisher

MDPI AG

Link

https://www.mdpi.com/1999-5903/16/7/256/pdf

Reference56 articles.

1. Bilge, L., and Dumitraş, T. (2012, January 16–18). Before we knew it: An empirical study of zero-day attacks in the real world. Proceedings of the 2012 ACM Conference on Computer and Communications Security, New York, NY, USA. CCS ’12.

2. Axelsson, S. (2024, April 02). Intrusion Detection Systems: A Survey and Taxonomy. Available online: https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=7a15948bdcb530e2c1deedd8d22dd9b54788a634.

3. An overview of anomaly detection techniques: Existing solutions and latest technological trends;Patcha;Comput. Netw.,2007

4. (2024, July 05). Zero Day Attack—Glossary|CSRC—csrc.nist.gov, Available online: https://csrc.nist.gov/glossary/term/zero_day_attack.

5. Hindy, H., Atkinson, R., Tachtatzis, C., Colin, J.N., Bayne, E., and Bellekens, X. (2020). Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection. Electronics, 9.