IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v16y2024i7p256-d1438410.html
   My bibliography  Save this article

Behind the Code: Identifying Zero-Day Exploits in WordPress

Author

Listed:
  • Mohamed Azarudheen Mohamed Mohideen

    (School of Computing, University of Derby, Derby DE22 3AW, UK)

  • Muhammad Shahroz Nadeem

    (School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK)

  • James Hardy

    (School of Computing, University of Derby, Derby DE22 3AW, UK)

  • Haider Ali

    (School of Computing, University of Derby, Derby DE22 3AW, UK)

  • Umair Ullah Tariq

    (School of Engineering and Technology, Central Queensland University, Rockhampton, QLD 4701, Australia)

  • Fariza Sabrina

    (School of Engineering and Technology, Central Queensland University, Rockhampton, QLD 4701, Australia)

  • Muhammad Waqar

    (School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK)

  • Salman Ahmed

    (School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK)

Abstract

The rising awareness of cybersecurity among governments and the public underscores the importance of effectively managing security incidents, especially zero-day attacks that exploit previously unknown software vulnerabilities. These zero-day attacks are particularly challenging because they exploit flaws that neither the public nor developers are aware of. In our study, we focused on dynamic application security testing (DAST) to investigate cross-site scripting (XSS) attacks. We closely examined 23 popular WordPress plugins, especially those requiring user or admin interactions, as these are frequent targets for XSS attacks. Our testing uncovered previously unknown zero-day vulnerabilities in three of these plugins. Through controlled environment testing, we accurately identified and thoroughly analyzed these XSS vulnerabilities, revealing their mechanisms, potential impacts, and the conditions under which they could be exploited. One of the most concerning findings was the potential for admin-side attacks, which could lead to multi-site insider threats. Specifically, we found vulnerabilities that allow for the insertion of malicious scripts, creating backdoors that unauthorized users can exploit. We demonstrated the severity of these vulnerabilities by employing a keylogger-based attack vector capable of silently capturing and extracting user data from the compromised plugins. Additionally, we tested a zero-click download strategy, allowing malware to be delivered without any user interaction, further highlighting the risks posed by these vulnerabilities. The National Institute of Standards and Technology (NIST) recognized these vulnerabilities and assigned them CVE numbers: CVE-2023-5119 for the Forminator plugin, CVE-2023-5228 for user registration and contact form issues, and CVE-2023-5955 for another critical plugin flaw. Our study emphasizes the critical importance of proactive security measures, such as rigorous input validation, regular security testing, and timely updates, to mitigate the risks posed by zero-day vulnerabilities. It also highlights the need for developers and administrators to stay vigilant and adopt strong security practices to defend against evolving threats.

Suggested Citation

  • Mohamed Azarudheen Mohamed Mohideen & Muhammad Shahroz Nadeem & James Hardy & Haider Ali & Umair Ullah Tariq & Fariza Sabrina & Muhammad Waqar & Salman Ahmed, 2024. "Behind the Code: Identifying Zero-Day Exploits in WordPress," Future Internet, MDPI, vol. 16(7), pages 1-22, July.
    • Handle: RePEc:gam:jftint:v:16:y:2024:i:7:p:256-:d:1438410
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/16/7/256/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/16/7/256/
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:16:y:2024:i:7:p:256-:d:1438410. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.