CVE-2025-7050
Google · Google Multiple Products (Specifically: Use-your-Drive | Google Drive plugin for WordPress)
A high-severity vulnerability has been identified in the "Use-your-Drive | Google Drive plugin for WordPress," which could allow an attacker to inject malicious code into a website.
Executive summary
A high-severity vulnerability has been identified in the "Use-your-Drive | Google Drive plugin for WordPress," which could allow an attacker to inject malicious code into a website. If exploited, this could lead to the compromise of user and administrator accounts, theft of sensitive data, or a complete takeover of the affected website. Organizations using this plugin are urged to apply security updates immediately to mitigate the significant risk to their web presence and data security.
Vulnerability
The vulnerability is a Stored Cross-Site Scripting (XSS) flaw. An attacker with permissions to upload or manage files in the Google Drive account connected to the WordPress plugin can craft a malicious file title containing executable JavaScript code. When the plugin renders this file's metadata on the WordPress site, it fails to properly sanitize the 'title' parameter, causing the malicious script to be stored on the server and executed in the browser of any user who views the page displaying the file. This allows for session hijacking, credential theft, website defacement, or redirecting users to malicious websites.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.2. Exploitation could have a significant business impact, including reputational damage resulting from a defaced website or compromised user data. An attacker could steal session cookies to impersonate logged-in users, including administrators, potentially leading to a full compromise of the WordPress site. This could result in the theft of sensitive business or customer information, unauthorized content changes, and the use of the compromised website to launch further attacks against its visitors.
Remediation
Immediate Action: Update the "Use-your-Drive | Google Drive plugin for WordPress" to a patched version (greater than 3) as recommended by the vendor. After patching, review web server and application logs for signs of past exploitation attempts, such as suspicious script tags in requests or log entries related to the plugin's file display functions.
Proactive Monitoring: Implement continuous monitoring of web application logs, specifically looking for patterns indicative of XSS attacks. This includes searching for HTML tags like <script>, <img>, or <iframe> and JavaScript event handlers like onerror or onload within data fields associated with the plugin. A properly configured Web Application Firewall (WAF) can be instrumental in detecting and blocking such injection attempts in real time.
Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:
- Deploy a Web Application Firewall (WAF) with rules specifically designed to filter XSS payloads in parameters used by the plugin.
- Strictly limit permissions for who can upload and name files within the connected Google Drive account to only trusted administrators.
- Temporarily disable the plugin until a patch can be applied to remove the attack vector entirely.
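As an added example (not the plugin's code and not part of the advisory), the following Python mirrors the two points above: the rendering pattern behind the flaw beside its output-escaped form, and a scan of access-log lines for the indicators listed under Proactive Monitoring. The file titles, log lines and the `/files/` path are constructed placeholders, and the escaping helper stands in for what a WordPress output-escaping function such as esc_html() would do.

```python
from __future__ import annotations

import html
import re
from urllib.parse import unquote

# Indicators named in the advisory: HTML tags and JS event handlers in data fields.
TAG_RE = re.compile(r"<\s*(script|img|iframe)\b", re.IGNORECASE)
HANDLER_RE = re.compile(r"\bon(error|load)\s*=", re.IGNORECASE)


def render_title_unsafe(title: str) -> str:
    """The pattern behind the flaw: a Drive file title concatenated into HTML as-is."""
    return f'<span class="file-title">{title}</span>'


def render_title_safe(title: str) -> str:
    """Hardened form: escape on output (assumption: equivalent to esc_html() in WordPress).
    quote=True also escapes quotes, so the result is safe inside attribute values."""
    return f'<span class="file-title">{html.escape(title, quote=True)}</span>'


def xss_indicators(value: str) -> list[str]:
    """Return indicator names found in a field value; percent-decode first so that
    URL-encoded payloads in request logs are not missed."""
    decoded = unquote(value)
    found = [f"tag:{m.lower()}" for m in TAG_RE.findall(decoded)]
    found += [f"handler:on{m.lower()}" for m in HANDLER_RE.findall(decoded)]
    return found


def scan_log_lines(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Flag (1-based line number, indicators) for log lines containing XSS indicators."""
    hits = []
    for n, line in enumerate(lines, start=1):
        ind = xss_indicators(line)
        if ind:
            hits.append((n, ind))
    return hits


# Constructed sample access-log lines; the /files/ path is a placeholder, not a real endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jul/2025:10:01:22 +0000] "GET /files/?title=Q3%20report.pdf HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Jul/2025:10:02:04 +0000] "GET /files/?title=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 640',
    '198.51.100.7 - - [12/Jul/2025:10:03:40 +0000] "POST /files/rename HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    print(render_title_safe("<script>alert(1)</script>"))
    print(scan_log_lines(SAMPLE_LOG))
```

A title set directly in the connected Google Drive account reaches the site through the Drive API rather than an HTTP request to WordPress, so it will not show up in the web server log; apply xss_indicators() to the plugin's fetched file metadata as well.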
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity (CVSS 7.2) and the nature of the Stored XSS vulnerability, we strongly recommend that organizations identify all WordPress instances using the "Use-your-Drive | Google Drive" plugin and prioritize applying the vendor-supplied patch immediately. Although this CVE is not currently on the CISA KEV list, its potential impact on website integrity and data confidentiality is severe. Proactive patching is the most effective defense and should be completed urgently to prevent potential exploitation.