CVE-2023-46153

7.1 HIGH

📋 TL;DR

Unauthenticated stored cross-site scripting (XSS) vulnerability in the User Feedback WordPress plugin allows attackers to inject malicious scripts that execute when users view affected pages. This affects WordPress sites running User Feedback plugin version 1.0.9 or earlier. Attackers can steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • User Feedback WordPress Plugin
Versions: <= 1.0.9
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with vulnerable plugin versions enabled. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover through session hijacking, credential theft, malware distribution to visitors, and persistent defacement of the website.

🟠 Likely Case

Session hijacking leading to unauthorized administrative access, data exfiltration, and malicious redirects to phishing sites.

🟢 If Mitigated

Limited impact with proper content security policies, input validation, and output encoding in place, though the vulnerability still exists.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities are commonly exploited and weaponized. Public proof-of-concept details injection vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.10 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-user-feedback-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the User Feedback plugin.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable User Feedback Plugin (platform: all)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate userfeedback-lite

Implement Content Security Policy (platform: all)

Add CSP headers to restrict script execution sources.

Apache (.htaccess, requires mod_headers):
Header set Content-Security-Policy "default-src 'self'; script-src 'self'"

nginx (server block):
add_header Content-Security-Policy "default-src 'self'; script-src 'self'";

This policy blocks inline scripts, which WordPress core, the admin dashboard and many themes rely on, so deploy it as Content-Security-Policy-Report-Only first, check the browser console for violations, and only then enforce it. It limits what an injected script can do; it does not remove the injection itself.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads.
  • Disable user feedback functionality and remove plugin if not essential.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > User Feedback version number. If version is 1.0.9 or lower, system is vulnerable.

Check Version:

wp plugin get userfeedback-lite --field=version

Verify Fix Applied:

Verify that the plugin version is 1.0.10 or higher in the WordPress admin panel. Test the feedback forms with a basic XSS payload such as <script>alert('test')</script> and confirm that the stored text is rendered escaped rather than executed.
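The two checks above (version below 1.0.10, and the test payload rendered as text rather than executed) as a small added verification script; this is not code from the page or the plugin vendor. It reads the version either from the output of `wp plugin get userfeedback-lite --field=version` or from a plugin header comment, and classifies how a submitted test payload shows up in the page that displays stored feedback. The sample header and rendered HTML are constructed for the example.

```python
import html
import re

# Patched release, taken from the advisory above.
FIXED_VERSION = "1.0.10"


def parse_version(version: str) -> tuple:
    """Turn a dotted version string such as '1.0.9' into a tuple of ints.

    Comparing version strings directly is a classic mistake: "1.0.9" > "1.0.10"
    as strings, because "9" > "1". Integer tuples compare the way humans expect.
    Non-numeric suffixes (e.g. '1.0.10-beta') are dropped.
    """
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group(0)))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed plugin version is older than the patched release."""
    return parse_version(installed) < parse_version(fixed)


def version_from_plugin_header(main_file_text: str) -> str:
    """Read the 'Version:' line of a WordPress plugin main-file header comment.

    Useful when WP-CLI is unavailable and you only have file access to
    wp-content/plugins/<slug>/<main-file>.php.
    """
    match = re.search(r"^\s*\*?\s*Version:\s*(\S+)", main_file_text,
                      re.MULTILINE | re.IGNORECASE)
    if not match:
        raise ValueError("no 'Version:' header found")
    return match.group(1)


def classify_payload(rendered_html: str, payload: str) -> str:
    """Classify how a test payload appears in the page that displays stored feedback.

    'raw'     - present verbatim, so it would execute: still vulnerable
    'escaped' - only an HTML-entity form is present (rendered as text): sanitised
    'absent'  - stripped or not displayed at all: also safe
    """
    if payload in rendered_html:
        return "raw"
    if payload in html.unescape(rendered_html):
        return "escaped"
    return "absent"


# Constructed sample of a plugin header comment (not the real plugin's file).
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: User Feedback
 * Version: 1.0.9
 */
"""

# Constructed sample of how a patched site renders the test payload as text.
SAMPLE_RENDERED_ESCAPED = "<p>&lt;script&gt;alert(&#039;test&#039;)&lt;/script&gt;</p>"
TEST_PAYLOAD = "<script>alert('test')</script>"


if __name__ == "__main__":
    ver = version_from_plugin_header(SAMPLE_PLUGIN_HEADER)
    print(f"installed {ver}: {'VULNERABLE' if is_vulnerable(ver) else 'patched'}")
    print("payload rendering:", classify_payload(SAMPLE_RENDERED_ESCAPED, TEST_PAYLOAD))
```

Feed the string printed by `wp plugin get userfeedback-lite --field=version` to `is_vulnerable()`; the tuple comparison is what keeps 1.0.10 from being judged older than 1.0.9, which a plain string comparison (and a naive shell `[ "$a" \< "$b" ]`) gets wrong.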

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to feedback endpoints with script tags or JavaScript code
  • Multiple failed XSS attempts in web server logs
  • Unexpected administrative actions from non-admin IPs

Network Indicators:

  • HTTP requests containing <script> tags in parameters
  • Outbound connections to suspicious domains after visiting feedback pages

SIEM Query:

source="web_logs" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path LIKE "%/userfeedback%") AND (request_body LIKE "%<script>%" OR request_body LIKE "%javascript:%")
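The log indicators and the SIEM query above, implemented as an added detection script run over constructed sample log lines; it is not part of the page or any SIEM product. It assumes JSON-lines web logs with the same field names the query uses (uri_path, request_body, src_ip). It goes one step beyond the literal query by percent-decoding the body first, because browsers submit form fields URL-encoded and a literal `%<script>%` match never sees `%3Cscript%3E`, and by matching case-insensitively.

```python
import json
import re
from collections import Counter
from urllib.parse import unquote_plus

# Path filter mirroring the SIEM query above: the WordPress AJAX endpoint or
# any path containing "userfeedback".
FEEDBACK_PATH = re.compile(r"/wp-admin/admin-ajax\.php$|/userfeedback", re.IGNORECASE)

# Markers from the query, made case-insensitive. "<script" (no closing ">")
# also catches "<script src=...>" and "<SCRIPT>" variants that the literal
# "%<script>%" pattern misses.
SCRIPT_MARKER = re.compile(r"<script|javascript:", re.IGNORECASE)


def normalise_body(body: str) -> str:
    """Percent-decode a form body until it stops changing.

    Form fields arrive URL-encoded, so "<script>" is logged as "%3Cscript%3E";
    a substring match on the raw body sees nothing. Looping also handles
    double-encoded input.
    """
    previous = None
    while previous != body:
        previous, body = body, unquote_plus(body)
    return body


def is_suspicious(event: dict) -> bool:
    """Apply the path and payload conditions of the SIEM query to one event."""
    if not FEEDBACK_PATH.search(event.get("uri_path", "")):
        return False
    return bool(SCRIPT_MARKER.search(normalise_body(event.get("request_body", ""))))


def scan(log_lines):
    """Return the suspicious events from an iterable of JSON log lines.

    Malformed lines are skipped rather than aborting the scan.
    """
    hits = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_suspicious(event):
            hits.append(event)
    return hits


def hits_by_source(hits):
    """Count hits per client address: repeated attempts from one address are
    the 'multiple XSS attempts' indicator listed above."""
    return Counter(h.get("src_ip", "?") for h in hits)


# Constructed sample log (JSON lines using the query's field names). The
# "action" value and the /userfeedback/submit path are placeholders, not the
# plugin's real endpoints; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """
{"ts":"2024-01-01T10:00:00Z","src_ip":"203.0.113.5","method":"POST","uri_path":"/wp-admin/admin-ajax.php","request_body":"action=feedback&message=%3Cscript%3Ealert(1)%3C%2Fscript%3E"}
{"ts":"2024-01-01T10:00:05Z","src_ip":"198.51.100.7","method":"POST","uri_path":"/wp-admin/admin-ajax.php","request_body":"action=heartbeat&data=ok"}
{"ts":"2024-01-01T10:01:00Z","src_ip":"203.0.113.5","method":"POST","uri_path":"/userfeedback/submit","request_body":"message=<a href=\\"JavaScript:void(0)\\">x</a>"}
{"ts":"2024-01-01T10:02:00Z","src_ip":"192.0.2.9","method":"GET","uri_path":"/blog/","request_body":""}
this line is not JSON and must not break the scan
"""


if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for event in found:
        print(event["ts"], event["src_ip"], event["uri_path"])
    print("hits per source:", dict(hits_by_source(found)))
```

Only the first and third sample lines match: the encoded `<script>` after decoding, and the mixed-case `JavaScript:` URL. If your SIEM does not decode request bodies before matching, add the percent-encoded spellings (`%3Cscript`, `javascript%3A`) to the query, or the stored query above will miss ordinary form submissions.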
