Stored Cross-Site Scripting Vulnerability in Ajax Search Lite Plugin for WordPress
CVE-2024-10568

Currently unrated

Key Information:

Vendor
Wordpress
Status
Ajax Search Lite
Vendor
CVE Published:
12 December 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

CVE-2024-10568 is a notable Stored Cross-Site Scripting (XSS) vulnerability found in the Ajax Search Lite plugin for WordPress, affecting versions prior to 4.12.4. This vulnerability arises due to improper sanitization and escaping of certain settings, allowing high privilege users, such as administrators, to execute malicious scripts. This can lead to the exploitation of the site even in configurations where the unfiltered_html capability is disabled, such as in multisite setups. This exposes users to potential data theft, unauthorized actions, and site defacement. It is crucial for WordPress site owners utilizing the Ajax Search Lite plugin to apply the latest updates and mitigate any risks associated with this vulnerability.

Affected Version(s)

Ajax Search Lite 0 < 4.12.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-10568 - Proof of Concept

References

https://wpscan.com/vulnerability/1676aef0-be5d-4335-933d-...
exploitvdb-entrytechnical-description

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dmitrii Ignatyev
WPScan
.