Stored Cross-Site Scripting Vulnerability in Simple Side Tab Plugin
CVE-2024-11183

Currently unrated

Key Information:

Vendor: Wordpress
Status: Simple Side Tab
Vendor: CVE Published:; 7 December 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

CVE-2024-11183 involves a serious vulnerability within the Simple Side Tab WordPress plugin prior to version 2.2.0. This flaw arises from improper sanitization and escaping of certain settings, enabling high privilege users (such as administrators) to execute Stored Cross-Site Scripting (XSS) attacks. This threat persists even in setups that restrict the unfiltered_html capability, which is particularly concerning in multisite environments, where security is paramount. If exploited, this vulnerability could allow attackers to inject malicious scripts, leading to unauthorized data access and user compromise.

Affected Version(s)

Simple Side Tab 0 < 2.2.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-11183 - Proof of Concept

References

https://wpscan.com/vulnerability/ff3f2788-d1a1-4a62-a247-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Dec 7, 2024
👾
Exploit known to exist
Dec 7, 2024
Vulnerability published
Dec 7, 2024
Vulnerability Reserved
Nov 13, 2024

Credit

Krugov Artyom

WPScan