WordPress SocialFit - Cross-Site Scripting

What is "WordPress SocialFit - Cross-Site Scripting?"

The "WordPress SocialFit - Cross-Site Scripting" module is designed to detect a vulnerability in the WordPress SocialFit plugin. This vulnerability allows for cross-site scripting (XSS) attacks, which can potentially lead to unauthorized access and data theft. The severity of this vulnerability is classified as high.

Impact

If exploited, this vulnerability can allow attackers to inject malicious scripts into web pages viewed by users of the affected WordPress site. This can lead to various consequences, including the theft of sensitive information, session hijacking, defacement of the website, and the spread of malware to site visitors.

How the module works?

The module sends a GET request to the "/wp-content/plugins/socialfit/popup.php" endpoint of the WordPress site, with a specific query parameter that triggers the vulnerability. The request is checked against several matching conditions to determine if the vulnerability is present:

- The response body is checked for the presence of the specific payload that triggers the XSS attack: </script><script>alert(document.domain)</script> - The response header is checked to ensure that the content type is "text/html" - The response status code is checked to ensure it is 200 (OK)

If all of these conditions are met, the module reports the vulnerability, indicating that the WordPress SocialFit plugin is susceptible to cross-site scripting attacks.