CVE-2024-3469
published 2024-06-05CVE-2024-3469: The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due…
PriorityP277medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
0.64%
45.9th percentile
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| generatepress | generatepress | < 2.4.1 | 2.4.1 |
| generatepress | gp_premium | <= 2.4.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
othersetting-error-license_failed
- →Monitor for reflected XSS payloads in the 'message' GET/POST parameter on WordPress pages running GP Premium plugin versions <= 2.4.0 ↗
- →Look for the 'setting-error-license_failed' value in the message parameter as part of the XSS exploit chain, combined with injected JavaScript (e.g., alert(document.domain))
- ·The vulnerability is exploitable by unauthenticated attackers only if a user can be tricked into clicking a crafted link; it is not directly exploitable without user interaction ↗
- ·All GP Premium plugin versions up to and including 2.4.0 are affected; ensure detection rules scope to this version range ↗
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6crp-pv4g-xcj8: The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2
ghsa_unreviewed·2024-06-05
CVE-2024-3469 [MEDIUM] CWE-79 GHSA-6crp-pv4g-xcj8: The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
VulnCheck
generatepress generatepress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2024·CVSS 6.1
CVE-2024-3469 [MEDIUM] generatepress generatepress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
generatepress generatepress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected: generatepress generatepress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/gp-pr
No detection rules found.
Nuclei
GP Premium <= 2.4.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2024-3469 [MEDIUM] GP Premium <= 2.4.0 - Cross-Site Scripting
GP Premium alert(document.domain)", "setting-error-license_failed")'
condition: and
# digest: 4b0a00483046022100e6a4dd181e526817fb4877da8e7342d72c1914beca2b748e4d1ec1a1be09dd92022100c676d5692bcc63f63c9c7f20d9fa6f7e95be59729e9038ff85bc8c90a1c79f8a:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://generatepress.com/category/changelog/https://www.wordfence.com/threat-intel/vulnerabilities/id/1a697391-f30d-403f-9046-8fa219a49302?source=cvehttps://generatepress.com/category/changelog/https://www.wordfence.com/threat-intel/vulnerabilities/id/1a697391-f30d-403f-9046-8fa219a49302?source=cve
2024-06-05
Published
Exploited in the wild