Stored Cross-Site Scripting Vulnerability in WordPress Core
CVE-2024-4439
Key Information:
- Vendor: WordPress
- CVE Published: 3 May 2024
What is CVE-2024-4439?
CVE-2024-4439 is a stored cross-site scripting (XSS) vulnerability in WordPress Core, affecting multiple versions up to 6.5.2. It arises from insufficient output escaping of user display names, specifically within the Avatar block. Authenticated users with contributor-level access or higher can inject malicious web scripts, which execute when other users access the affected pages. Unauthenticated attackers can also exploit the vulnerability on pages containing a comment block, potentially compromising the security and integrity of web applications that rely on WordPress.
Technical Details
The vulnerability lies in the way WordPress handles user display names in the Avatar block. Because the display name is not properly escaped on output, attackers can embed arbitrary scripts in the display name field. Anyone with sufficient permissions to alter a display name can use the flaw for malicious activity such as data theft or session hijacking. As a result, both authenticated and unauthenticated attackers can exploit this vulnerability under the right circumstances, affecting the user experience and security of websites using WordPress.
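The missing escaping step described above, shown as a before/after in PHP. This is an added example, not WordPress core code or the fix for CVE-2024-4439: the function names, the constructed display name and the assumption that the name is written into an attribute and into element text are illustrative, and `htmlspecialchars()` stands in for WordPress's `esc_attr()` / `esc_html()`.

```php
<?php
// Added illustration; not WordPress core code. Function names are hypothetical.

// Constructed sample: a display name containing a quote and markup, as a
// contributor could save in their own profile.
$display_name = 'Ann "Editor" <b>Lee</b>';
$avatar_url   = 'https://example.test/avatar.png'; // placeholder URL

// Before: the stored name is concatenated into the page as-is.
function render_avatar_unescaped(string $name, string $url): string {
    return '<img src="' . $url . '" alt="' . $name . ' Avatar">'
         . '<span class="author">' . $name . '</span>';
}

// Stand-in for WordPress's esc_attr() / esc_html(), so this file runs
// without WordPress loaded. ENT_QUOTES encodes both quote styles.
function escape_for_output(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every dynamic value is escaped at the point of output.
function render_avatar_escaped(string $name, string $url): string {
    return '<img src="' . escape_for_output($url) . '"'
         . ' alt="' . escape_for_output($name . ' Avatar') . '">'
         . '<span class="author">' . escape_for_output($name) . '</span>';
}

// Review aid: count opening tags in the rendered fragment. The template
// itself emits exactly two (<img> and <span>); anything more came from data.
function count_opening_tags(string $html): int {
    return (int) preg_match_all('/<[a-z][a-z0-9]*/i', $html);
}

foreach (['unescaped' => 'render_avatar_unescaped',
          'escaped'   => 'render_avatar_escaped'] as $label => $render) {
    $html  = $render($display_name, $avatar_url);
    $extra = count_opening_tags($html) - 2;
    echo $label, ': ', $extra, " tag(s) introduced by the display name\n";
    echo '  ', $html, "\n";
}
```

Run it from the PHP command line. In the unescaped output the quote in the name ends the `alt` attribute early and the `<b>` tags reach the page as markup, while the escaped output carries the same characters as inert text.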
Impact of the Vulnerability
- Data Theft: Attackers can execute scripts that may capture sensitive user information, including cookies and session identifiers, leading to potential account takeovers or data breaches.
- Defacement and Misinformation: The ability to inject scripts allows attackers to alter the appearance and content of affected pages, which can mislead users, damage reputations, and disrupt services.
- Wider Exploitation Potential: Since the vulnerability can be exploited by both authenticated and unauthenticated users, it widens the threat: attackers can target a wide array of WordPress sites without being authenticated, making it a pressing concern for website administrators.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CVE-2024-4439 Description, Impact and Technical Details
CVE-2024-4439 is a vulnerability in WordPress Core that affects various versions up to 6.5.2. It allows authenticated attackers with contributor-level…
7 months ago
CVE-2024-4439 - WordPress WP Core Plugin Vulnerability - Rewterz
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name.
9 months ago
Timeline
- Public PoC available
- Vulnerability started trending
- Exploit known to exist
- First article discovered by Rewterz
- Vulnerability published