PayPal Plugin Vulnerable to Stored Cross-Site Scripting Attacks
CVE-2024-5447
Key Information:
- Vendor: WordPress
- CVE Published: 21 June 2024
What is CVE-2024-5447?
CVE-2024-5447 is a vulnerability identified in the PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress, affecting all versions up to and including 1.7. Site owners use this plugin to embed PayPal payment buttons via shortcodes. The vulnerability arises because certain plugin settings are neither sanitized on save nor escaped on output, which allows stored Cross-Site Scripting (XSS). The risk is greatest on installations with several users, such as multisite setups, where authenticated users with high-privilege roles such as administrator could store a script payload through these settings and have it execute in the browsers of other users who view the affected pages.
Technical Details
The vulnerability in CVE-2024-5447 stems from the plugin's failure to sanitize input to its settings and to escape those settings when rendering them. As a result, an attacker who already holds elevated privileges (such as an administrator account) can store a script payload in a setting; the payload is persisted on the server and executes in the browser of every user who views a page where the setting is rendered, compromising the integrity of the site for those users. The flaw matters most in environments where the unfiltered_html capability is deliberately restricted, such as multisite installations, where even administrators are normally prevented from saving raw HTML and the plugin's settings become a way around that restriction.
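To make the "sanitize on save, escape on output" point concrete, the following is an added illustration written for this page; it is not the plugin's code and does not reproduce the actual vulnerable setting. The option name, shortcode tag, function names and the `xbtn_demo` prefix are all assumed. It shows the unsafe pattern the advisory describes beside the hardened form that uses WordPress's own sanitization and escaping APIs.

```php
<?php
// Added example (hypothetical; not the plugin's own code). Option name, shortcode
// tag and all xbtn_demo_* identifiers are assumptions for illustration only.

// --- Unsafe pattern: option stored raw, rendered without escaping -----------
function xbtn_demo_register_setting_unsafe() {
    // No sanitize_callback: whatever the settings form submits is stored verbatim.
    register_setting( 'xbtn_demo_group', 'xbtn_demo_button_label' );
}

function xbtn_demo_shortcode_unsafe( $atts ) {
    $label = get_option( 'xbtn_demo_button_label', 'Pay Now' );
    // Stored value is concatenated straight into page HTML: a stored XSS sink.
    return '<button class="xbtn">' . $label . '</button>';
}

// --- Hardened pattern: sanitize when saving, escape when rendering ----------
function xbtn_demo_register_setting_hardened() {
    register_setting( 'xbtn_demo_group', 'xbtn_demo_button_label', array(
        'type'              => 'string',
        'sanitize_callback' => 'xbtn_demo_sanitize_label',
        'default'           => 'Pay Now',
    ) );
}

// Sanitizer run by WordPress before the option is written: strips tags, NUL
// bytes and line breaks, then caps the length so the option cannot hold a
// large arbitrary payload.
function xbtn_demo_sanitize_label( $value ) {
    $value = sanitize_text_field( (string) $value );
    return mb_substr( $value, 0, 100 );
}

function xbtn_demo_shortcode_hardened( $atts ) {
    $atts  = shortcode_atts( array( 'class' => 'xbtn' ), $atts, 'xbtn_demo' );
    $label = get_option( 'xbtn_demo_button_label', 'Pay Now' );
    // Escape at the point of output even though the value was sanitized on save:
    // esc_html() for text content, esc_attr() for attribute values.
    return sprintf(
        '<button class="%s">%s</button>',
        esc_attr( $atts['class'] ),
        esc_html( $label )
    );
}

// For a setting that legitimately accepts markup, honour the unfiltered_html
// capability instead of bypassing it: users without it get plain text, users
// with it still get a post-safe HTML subset via wp_kses_post().
function xbtn_demo_sanitize_rich_field( $value ) {
    if ( current_user_can( 'unfiltered_html' ) ) {
        return wp_kses_post( (string) $value );
    }
    return sanitize_text_field( (string) $value );
}

// Only the hardened variants are hooked in; the unsafe ones exist for comparison.
add_action( 'admin_init', 'xbtn_demo_register_setting_hardened' );
add_shortcode( 'xbtn_demo', 'xbtn_demo_shortcode_hardened' );
```

The hardened version applies both controls because each covers a different failure: the sanitize callback stops a payload from ever being persisted (and is also what protects other code that reads the option), while escaping at output protects against values that reached the database by another path, such as a direct `update_option()` call or an import. When reviewing a plugin for this class of bug, the check is simply whether every `get_option()` value that reaches HTML passes through an `esc_*()` function appropriate to its context, and whether every `register_setting()` call for a user-editable field carries a `sanitize_callback`.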
Potential Impact of CVE-2024-5447
- User Data Compromise: Stored XSS attacks could allow attackers to execute scripts in users' browsers, which can lead to the theft of sensitive information such as login credentials, personal data, and payment information from unsuspecting users.
- Site Manipulation and Defacement: Attackers could exploit this vulnerability to alter site content, potentially redirecting users to malicious sites or displaying inappropriate content, thereby damaging the organization's reputation and user trust.
- Wider Network Vulnerabilities: Given that the vulnerability affects high-privilege users, there is a risk of allowing lateral movement within an organization's network, which could lead to further exploitation of other systems, data breaches, or ransomware deployment.
Affected Version(s)
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode, all versions from 0 up to and including 1.7 (<= 1.7)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved