CVE-2023-40196
📋 TL;DR
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the ImageRecycle PDF & Image Compression WordPress plugin allows attackers to inject malicious scripts via crafted URLs. When users click malicious links, attackers can steal session cookies, redirect users, or perform actions on their behalf. This affects WordPress sites using ImageRecycle plugin version 3.1.11 or earlier.
💻 Affected Systems
- ImageRecycle PDF & Image Compression WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full control of WordPress site, install backdoors, deface website, or steal sensitive data.
Likely Case
Attackers steal user session cookies, redirect visitors to malicious sites, or perform limited actions within user permissions.
If Mitigated
With a strict Content Security Policy (CSP) that does not allow inline scripts, plus proper output encoding of reflected input, the injected payload is not executed by the browser and the impact is limited to a malformed page.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly exploited via phishing or malicious links. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.12 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'ImageRecycle pdf & image compression'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 3.1.12+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the ImageRecycle plugin until patched.
wp plugin deactivate imagerecycle-pdf-image-compression
Implement WAF Rules
Add Web Application Firewall rules to block XSS payloads targeting ImageRecycle endpoints.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to limit script execution
- Use browser security headers such as X-Content-Type-Options: nosniff and X-XSS-Protection (note that current browsers have removed the filter X-XSS-Protection controlled, so treat it as defence in depth only and rely on CSP)
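The two items above describe the headers to send but not how to tell whether a policy actually stops a reflected payload. The following audit script is an added example (not part of this advisory or of the ImageRecycle plugin); it checks a dict of response headers for a CSP whose effective script-src blocks inline and attacker-hosted scripts and for X-Content-Type-Options: nosniff. The sample header sets are constructed for the example; in use you would pass the headers returned by an HTTP client for your site's front page.

```python
"""Audit HTTP response headers for the mitigations the advisory recommends.

Added example, not part of the advisory or the plugin. Works on a plain
dict of headers so it runs offline; pass real response headers in practice.
"""
from __future__ import annotations

import re

# Constructed sample headers: one site that applied the mitigations, one that did not.
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=UTF-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-abc123'; "
                               "object-src 'none'; base-uri 'self'",
    "X-Content-Type-Options": "nosniff",
}
WEAK_HEADERS = {
    "Content-Type": "text/html; charset=UTF-8",
    "Content-Security-Policy": "default-src *; script-src * 'unsafe-inline'",
    "X-XSS-Protection": "1; mode=block",
}

# Sources that let an injected <script src=...> load from anywhere.
_TOO_BROAD = {"*", "http:", "https:", "data:"}
# A nonce or hash source makes browsers ignore 'unsafe-inline' (CSP level 2+).
_NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)", re.I)


def _lookup(headers: dict, name: str):
    """Case-insensitive header lookup; returns None when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source, ...]}."""
    policy: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def csp_blocks_reflected_scripts(policy: dict[str, list[str]]) -> bool:
    """True when the effective script policy stops a reflected script payload.

    script-src falls back to default-src when absent. The policy fails if it
    has no script restriction, allows wildcard/scheme-only sources, or allows
    'unsafe-inline' without a nonce or hash that overrides it.
    """
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return False
    lowered = [s.lower() for s in sources]
    if any(s in _TOO_BROAD for s in lowered):
        return False
    has_nonce_or_hash = any(_NONCE_OR_HASH.match(s) for s in sources)
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        return False
    return True


def audit_headers(headers: dict) -> dict[str, bool]:
    """Report which of the advisory's header mitigations are in effect."""
    csp = _lookup(headers, "Content-Security-Policy")
    findings = {
        "csp_present": csp is not None,
        "csp_blocks_inline_scripts": csp is not None
        and csp_blocks_reflected_scripts(parse_csp(csp)),
        "nosniff": (_lookup(headers, "X-Content-Type-Options") or "").strip().lower() == "nosniff",
        # Reported for completeness only; current browsers ignore this header.
        "legacy_xss_protection_header": _lookup(headers, "X-XSS-Protection") is not None,
    }
    findings["mitigated"] = findings["csp_blocks_inline_scripts"] and findings["nosniff"]
    return findings


if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED_HEADERS), ("weak", WEAK_HEADERS)):
        print(label, audit_headers(hdrs))
```

The check deliberately does not count X-XSS-Protection towards "mitigated": a site whose only defence is that header, as in WEAK_HEADERS, still reports as unmitigated.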
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → ImageRecycle pdf & image compression → Version number. If version is 3.1.11 or lower, you are vulnerable.
Check Version:
wp plugin get imagerecycle-pdf-image-compression --field=version
Verify Fix Applied:
After updating, verify plugin version shows 3.1.12 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual GET/POST requests to ImageRecycle plugin endpoints with script tags or JavaScript payloads
- Multiple 400/404 errors from XSS filter blocks
Network Indicators:
- HTTP requests containing <script>, javascript:, or encoded XSS payloads in query parameters
SIEM Query:
source="wordpress.log" AND ("imagerecycle" OR "wp-content/plugins/imagerecycle") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
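The SIEM query above matches literal strings, so a percent-encoded or double-encoded payload slips past it. The scanner below is an added example (not from the advisory or the plugin) that applies the same indicators to web-server access logs after repeated URL decoding: it flags requests whose decoded URL references the ImageRecycle plugin and carries a script tag, a javascript: URL or an event-handler attribute, and counts attempts per source address. The log lines, paths and parameter names are constructed for the example and are not the plugin's real endpoints; the line regex assumes Apache/nginx combined log format.

```python
"""Scan access logs for the request indicators the advisory lists for
CVE-2023-40196 (plugin requests carrying XSS payloads), decoding the URL first.

Added example, not from the advisory or the plugin. Sample lines, paths and
parameter names below are constructed and do not describe real endpoints.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log (combined format). Line 2 is double-encoded; line 3 is a
# benign plugin asset; line 4 is a payload outside the plugin's paths.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2023:12:00:01 +0000] "GET /wp-admin/admin.php?page=imagerecycle&type=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Aug/2023:12:00:02 +0000] "GET /wp-content/plugins/imagerecycle-pdf-image-compression/?x=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 403 0 "-" "curl/8.0"
198.51.100.7 - - [10/Aug/2023:12:00:03 +0000] "GET /wp-content/plugins/imagerecycle-pdf-image-compression/css/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2023:12:00:04 +0000] "GET /?s=javascript%3Aalert(1) HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# Same scoping terms as the advisory's SIEM query.
PLUGIN_MARKERS = ("imagerecycle", "wp-content/plugins/imagerecycle")
# Same indicator classes as the advisory: script tags, javascript: URLs, event handlers.
XSS_RE = re.compile(r"<\s*script|javascript\s*:|\bon(?:error|load|mouseover|focus)\s*=", re.I)


def fully_decode(url: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads become visible."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def is_plugin_xss_attempt(url: str) -> bool:
    """True when the decoded URL targets the plugin and carries an XSS indicator."""
    decoded = fully_decode(url).lower()
    return any(marker in decoded for marker in PLUGIN_MARKERS) and XSS_RE.search(decoded) is not None


def scan_log(text: str) -> list:
    """Return one record per suspicious request, with the decoded URL for triage."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and is_plugin_xss_attempt(rec["url"]):
            hits.append({"ip": rec["ip"], "url": fully_decode(rec["url"]), "status": int(rec["status"])})
    return hits


def attempts_per_source(hits: list) -> Counter:
    """Count flagged requests per client address (repeat offenders stand out)."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(attempts_per_source(found))
```

Decoding is bounded to a few rounds so a log line cannot make the scanner loop, and scoping to the plugin markers keeps the output aligned with this advisory; drop the marker check if you want every XSS attempt regardless of path.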
🔗 References
- https://patchstack.com/database/vulnerability/imagerecycle-pdf-image-compression/wordpress-imagerecycle-pdf-image-compression-plugin-3-1-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve