SB2020031311 - Multiple vulnerabilities in Fruitful plugin for WordPress

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Stored cross-site scripting (CVE-ID: N/A)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "fruitful_data_save()" function in "inc/func/fruitful-function.php". A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in several AJAX actions. A remote authenticated attacker can bypass implemented security restrictions and delete the theme options, adds one or more input fields while editing the theme and throw a fatal error.

Vulnerable AJAX function:

• fruitful_reset_btn

• fruitful_add_new_slide_action

• run_import_dummy_data

Remediation

Install update from vendor's website.

References

• https://wpvulndb.com/vulnerabilities/10128/
• https://blog.nintechnet.com/authenticated-stored-xss-vulnerability-in-wordpress-fruitful-theme/