Hacking

Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites

Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites.

On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress Search Plugin installed on over 60,000 sites. This security vulnerability could be exploited by an attacker to perform malicious actions on a victim’s website.

Ivory Search – WordPress Search Plugin allows its users to create new custom search forms for their WordPress site/s.

Our Threat Intelligence Team led by Jinson Varghese initially reached out to the Ivory Search plugin developers with the full disclosure details on March 28, 2021. The developers responded on March 29, 2021, confirming the vulnerability and its impact. Then a day later, the patch was released – on March 30, 2021.

This is a medium severity reflected XSS vulnerability affecting Ivory search plugin version 4.6.0 and below. Therefore, we highly recommend updating this plugin to its latest version containing the patch, 4.6.1, immediately.

If you are using Astra Security Suite – WordPress Firewall & Malware Scanner then your site is already secured against this vulnerability.

Timeline of the vulnerability in Ivory Search

  • March 28, 2021 – Astra Security Threat Intelligence team discovers and analyzes the vulnerability.
  • March 28, 2021 – Full vulnerability disclosure sent to the developers of the Ivory Search plugin.
  • March 29, 2021 – Astra Security received a response from the plugin’s dev team confirming the vulnerability and they also informed us that the patch should be available in a few days.
  • March 30, 2021 – Patched version of the plugin released.

“A particular component on the Ivory Search plugin settings page was not validated properly which enabled the execution of malicious JavaScript code. An attacker can exploit such vulnerabilities to perform malicious actions”, Jinson said.

If you are one of the Ivory Search plugin users, it is highly recommended that you should update the plugin to its fully patched version 4.6.1.

Astra Security Suite – WordPress Security Plugin Can Help Secure Your Site

Astra Security Suite – WordPress security plugin, is the go-to security suite for your WordPress website. With Astra Security Suite protecting your website, you don’t have to worry about any malware, credit card hack, SQLi, XSS, SEO Spam, comments spam, brute force & 100+ types of threats again. Right from 24*7 monitoring with Astra Security’s firewall to an on-demand malware scanner, Astra takes care of it all. Take an Astra demo today.

If you’re a WP plugin or theme developer then you can follow this DIY security audit guide to make sure that your plugin has no security loopholes.

Original post at

https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/

About the author: Kanishk Tagade

Kanishk Tagade is a Marketing Manager at Astra Security. Having a hawk-eyed view on the cybersecurity threat landscape, market-shifts, and hacktivism activities, Kanishk is a community member of the Nasscom and corporate contributor at many technology magazines and security awareness platforms.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

(SecurityAffairs – hacking, WordPress)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

8 hours ago

Security Affairs newsletter Round 524 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

8 hours ago

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could…

11 hours ago

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S.…

1 day ago

Shields up US retailers. Scattered Spider threat actors can target them

Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting…

1 day ago

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver…

1 day ago