
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN196
_____________________________________________________________________

DATE                : 01/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running WordPress Plugin Virtual
                            Robots.txt.

=====================================================================
https://wordpress.org/plugins/pc-robotstxt/#developers
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28638
_____________________________________________________________________

Changelog
1.10

    Fix to prevent the saving of HTML tags within the robots.txt form
    field. Thanks to TrustWave for identifying this issue.

_____________________________________________________________________

Trustwave SpiderLabs Security Advisory TWSL2021-004:
Stored Authenticated XSS in WordPress Plugin Virtual Robots.txt

Published: 03/29/2021
Version: 1.0

Vendor: https://infolific.com/technology/
Product: WordPress Plugin Virtual Robots.txt
Version affected:  <= 1.9

Product description:
The plugin provides a non-filesystem implementation of responses to
requests for robots.txt.


Finding 1: WordPress Plugin Virtual Robots.txt <= 1.9 - Stored
Authenticated XSS
Credit: Martin Vierula of Trustwave
CVE: CVE-2021-28121
CWE: CWE-79

The Settings page of Virtual Robots.txt is susceptible to Cross-Site
Scripting (XSS) attacks.

A user-input line like:

Disallow: /wp-register.php

can be modified to:

Disallow: /wp-register.php</textarea></td></tr><script>alert(1);</script>

The vulnerability does require admin+ privileges to exploit.  More
precisely, the action requires the manage_options capability, which by
default only admin+ users have.
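
The following is an added example, not code from the plugin or from the
Trustwave advisory. It shows why the input line above breaks out of the
settings form and how save-time tag stripping (the approach named in the
1.10 changelog) and output encoding each neutralise it. The function
names, the field name and the surrounding table markup are assumptions
made for illustration.

```php
<?php
// Added illustration; function names and markup are hypothetical,
// not taken from the Virtual Robots.txt plugin source.

// Vulnerable pattern: the stored value is echoed verbatim inside <textarea>.
function render_settings_unsafe(string $stored): string {
    return '<tr><td><textarea name="robots_txt">' . $stored . '</textarea></td></tr>';
}

// Output-side fix: HTML-encode when rendering.
// In WordPress the equivalent helper is esc_textarea().
function render_settings_safe(string $stored): string {
    return '<tr><td><textarea name="robots_txt">'
        . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</textarea></td></tr>';
}

// Save-side fix in the spirit of the 1.10 changelog: remove HTML tags
// before the value is stored. strip_tags() drops the tags themselves;
// text that was between them stays behind as inert plain text.
function sanitize_on_save(string $submitted): string {
    $lines = preg_split('/\R/', $submitted);
    $clean = array_map(fn($line) => rtrim(strip_tags($line)), $lines);
    return implode("\n", $clean);
}

// Sample input: the modified line quoted in the advisory.
$submitted = "User-agent: *\n"
    . "Disallow: /wp-register.php</textarea></td></tr><script>alert(1);</script>";

$renders = [
    'unsafe render'       => render_settings_unsafe($submitted),
    'escaped render'      => render_settings_safe($submitted),
    'sanitized + escaped' => render_settings_safe(sanitize_on_save($submitted)),
];

// A correct render closes the textarea exactly once and contains no
// live <script> element.
foreach ($renders as $label => $html) {
    printf(
        "%-20s textarea_closes=%d live_script=%s\n",
        $label,
        substr_count($html, '</textarea>'),
        strpos($html, '<script>') !== false ? 'yes' : 'no'
    );
}
```

Applying both controls gives defence in depth: sanitising on save keeps
markup out of the database, and encoding on output protects values that
were stored before the upgrade.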

Remediation Steps:
Upgrade Virtual Robots.txt plugin to version 1.10 or the latest stable
version.

Revision History:
03/03/2021 - Vulnerability disclosed to vendor
03/03/2021 - Patch released by vendor
03/29/2021 - Advisory published




=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


