CVE-2022-4022: The SVG Support plugin defaults to insecure settings. Files with malicious JavaScript are not sanitized.
This can lead to session hijacking, data theft, or the download of malicious code. Additionally, the use of untrusted sources on your site can lead to cross-site information exposure. This can happen when an attacker obtains access to your site's content management system and uploads malicious SVG files via WordPress. An attacker may do this for a number of reasons, such as to compromise your site’s functionality or to conduct session hijacking.
An attacker may also acquire a list of trusted SVG sources on your site and use those trusted sources to inject malicious SVG code into your WordPress site. Because WordPress allows trusted sources to be configured via the WP Support plugin, attackers can inject malicious SVG code through them. This can lead to cross-site information exposure, as well as session hijacking and other impacts depending on the content and functionality of the trusted source.
What is SVG?
Scalable Vector Graphics (SVG) is a vector-based graphics format that can be rendered anywhere, including on the web. It has been widely adopted by the media and design industries for its flexibility.
A vector graphic is composed of objects, curves, and lines. This means that it can be scaled to any size without losing quality or detail. Unlike raster graphics, which use pixels, SVG files can be sent over networks or printed at any size without loss of quality.
How Does Cross Site Scripting (XSS) Work?
Cross-site scripting (XSS) is a type of injection that typically exploits differences between how the server and the browser handle HTML. An XSS attack occurs when an attacker injects malicious script through input the application treats as trusted (e.g. HTML tags, URL parameters, cookies). An attacker may do this for a variety of reasons, such as to compromise your site’s functionality or to conduct session hijacking.
If an attacker can get access to your site’s content management system and upload malicious SVG files via WordPress, they may then use trusted sources on your site, like those configured in the WP Support plugin, to inject malicious SVG code into your WordPress site. This can lead to cross-site information exposure, as well as session hijacking and other impacts depending on the content and functionality of the trusted source.
Timeline
Published on: 11/16/2022 14:15:00 UTC
Last modified on: 11/18/2022 04:44:00 UTC
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2776612%40svg-support%2Ftrunk&old=2672900%40svg-support%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4022
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4022