CVE-2024-9425

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Oct 18, 2024 / Updated: 32d ago

CVSS 5.4 / EPSS 0.07% / Medium

Summary

The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ad_tax_image shortcode in versions up to and including 1.0.9. This vulnerability is due to insufficient input sanitization and output escaping on user-supplied attributes. It allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute when a user accesses an injected page.

Impact

This vulnerability could allow attackers to inject malicious scripts into WordPress pages. When executed, these scripts can perform various malicious actions in the context of the victim's browser, such as stealing sensitive information (e.g., session cookies, authentication tokens), redirecting users to malicious sites, or manipulating the page content. The impact is elevated because it is a stored XSS: the malicious script is persisted on the target server and executed whenever a user views the affected page, so it can affect multiple users over time.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability has been addressed in version 1.1.0 of the Advanced Category and Custom Taxonomy Image plugin. The patch was added on 2024-10-22, as indicated in the WordPress plugin repository.

Mitigation

1. Update the Advanced Category and Custom Taxonomy Image plugin to version 1.1.0 or later immediately.
2. If immediate updating is not possible, consider temporarily disabling the plugin until it can be updated.
3. Implement the principle of least privilege by reviewing and limiting user roles and permissions, especially for contributor-level access.
4. Regularly audit and monitor for any suspicious activities or unauthorized changes in pages and posts.
5. Implement a Web Application Firewall (WAF) to help detect and block XSS attacks.
6. Educate content creators about the risks of using untrusted shortcodes and the importance of validating and sanitizing user inputs.
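To make the "insufficient input sanitization and output escaping on user-supplied attributes" concrete, here is an added example of how a shortcode handler of this kind should treat contributor-controlled attributes. It is hypothetical code written for this page, not the plugin's own code or its fix; the handler name, attribute names, and the term meta key are assumptions.

```php
<?php
// Hypothetical hardened handler for an image-by-taxonomy shortcode (example only,
// not the plugin's actual code). Shortcode attributes are typed by contributors,
// so every value must be validated on input and escaped for its output context.

function example_ad_tax_image_shortcode( $atts ) {
    // Whitelist the attributes we accept; anything else is dropped.
    $atts = shortcode_atts(
        array(
            'term_id' => 0,
            'class'   => '',
            'alt'     => '',
            'width'   => 0,
        ),
        $atts,
        'example_ad_tax_image'
    );

    // Validate types before use: numeric fields become non-negative integers.
    $term_id = absint( $atts['term_id'] );
    $width   = absint( $atts['width'] );
    if ( 0 === $term_id ) {
        return '';
    }

    // Resolve the image URL from stored term meta instead of trusting an attribute
    // (assumed meta key; the real plugin's storage layout is not known here).
    $url = get_term_meta( $term_id, 'example_taxonomy_image_url', true );
    if ( empty( $url ) ) {
        return '';
    }

    // Weak pattern to avoid: concatenating raw $atts values into the HTML, e.g.
    // '<img src="' . $atts['src'] . '" class="' . $atts['class'] . '">'.
    // Escape per context instead: esc_url() for the src (it also rejects
    // non-http(s) schemes such as javascript:), esc_attr() for plain attributes,
    // and the width is already an integer so it cannot carry markup.
    $html = sprintf(
        '<img src="%s" class="%s" alt="%s"%s />',
        esc_url( $url ),
        esc_attr( $atts['class'] ),
        esc_attr( $atts['alt'] ),
        $width ? ' width="' . $width . '"' : ''
    );
    return $html;
}
add_shortcode( 'example_ad_tax_image', 'example_ad_tax_image_shortcode' );
```

The same rule applies to any other attribute the real shortcode accepts: validate it to the narrowest type that works, then escape it with the WordPress helper matching where it is printed (esc_attr, esc_url, esc_html, or wp_kses for limited markup).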

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9425.

Oct 18, 2024 at 9:42 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 18, 2024 at 9:43 AM
CVE Assignment

NVD published the first details for CVE-2024-9425

Oct 18, 2024 at 10:15 AM
CVSS

A CVSS base score of 6.4 has been assigned.

Oct 18, 2024 at 10:20 AM / nvd
EPSS

EPSS Score was set to: 0.07% (Percentile: 31%)

Oct 19, 2024 at 9:48 AM
CVSS

A CVSS base score of 5.4 has been assigned.

Oct 22, 2024 at 2:12 PM / nvd

Affected Systems

Sajjadhsagor/advanced_category_and_custom_taxonomy_image

Patches

plugins.trac.wordpress.org

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

News

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024)
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week: WordPress Plugins with Reported Vulnerabilities Last Week
CVE Alert: CVE-2024-9425 - https://www.redpacketsecurity.com/cve_alert_cve-2024-9425/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_9425
CVE Alert: CVE-2024-9425
The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ad_tax_image shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes.
CVE-2024-9425
Medium Severity Description The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ad_tax_image shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Read more at https://www.tenable.com/cve/CVE-2024-9425
Medium - CVE-2024-9425 - The Advanced Category and Custom Taxonomy Image...
The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ad_tax_image shortcode in all versions up to, and including,...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability Impact: None
