CVE-2024-37259
published 2024-07-22

CVE-2024-37259: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended…

Priority: P1 80 · medium · 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Flags: ITW EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 0.63% (45.6th percentile)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended (wpextended). This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through <= 2.4.7.

Affected

2 ranges

Vendor       | Product                                    | Version range | Fixed in
wp_extended  | the_ultimate_wordpress_toolkit_wp_extended | <= 2.4.7      |
wpextended   | wp_extended                                | < 3.0.0       | 3.0.0

Detection & IOCs (extracted from sources)

url: /wp-content/plugins/wpextended/readme.txt
url: /wp-admin/admin.php?page=wp-extended_login_attempt
path: /wp-content/plugins/wpextended/
other: alert(document.domain)
  • Probe for plugin presence by requesting the readme.txt file and checking for the plugin name string in the response body.
  • Vulnerable versions are 2.4.7 and below; extract the version from the readme.txt 'Stable tag' field and compare.
  • The XSS payload is reflected in the login-attempt admin page; confirm exploitation by checking that the raw XSS payload appears in the body of the wp-extended_login_attempt admin page response.
  • The attack vector requires an authenticated session; look for POST requests to /wp-login.php followed by access to the admin login-attempt page as an indicator of exploitation attempts.
  • Version string can be extracted from the plugin readme.txt using the regex pattern 'Stable tag: ([0-9.]+)'.
  • Exploitation requires an authenticated (logged-in) WordPress session before the XSS can be triggered on the admin page.
  • The vulnerability affects WP Extended versions from n/a through 2.4.7 inclusive; versions above 2.4.7 are not affected.

CVSS provenance

Source    | CVSS version | Score | Severity | Vector
nvd       | v3.1         | 6.1   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck |              | 6.1   | MEDIUM   |