CVE-2021-24228

9.6 CRITICAL

📋 TL;DR

This is a reflected cross-site scripting (XSS) vulnerability in the Patreon WordPress plugin that allows attackers to inject malicious scripts into the WordPress login page. When exploited, it can enable session hijacking, credential theft, or redirection to malicious sites. WordPress sites using the vulnerable Patreon plugin versions are affected.

💻 Affected Systems

Products:
  • Patreon WordPress plugin
Versions: All versions before 1.7.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the Patreon plugin enabled and using the Patreon login functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, install backdoors, or redirect users to malicious sites, potentially leading to complete site compromise.

🟠 Likely Case

Attackers would typically use this to steal user credentials or session cookies, enabling unauthorized access to WordPress admin panels.

🟢 If Mitigated

With proper input validation and output encoding, the vulnerability would be neutralized, preventing script execution while maintaining plugin functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS vulnerabilities are commonly exploited and require minimal technical skill to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.2

Vendor Advisory: https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Patreon plugin
4. Click 'Update Now' if available
5. If not available, download version 1.7.2+ from WordPress.org
6. Deactivate old plugin
7. Upload and activate new version

🔧 Temporary Workarounds

Disable Patreon Login

all

Temporarily disable the Patreon authentication functionality

Navigate to WordPress Settings → Patreon and disable 'Enable Patreon Login'

Deactivate Plugin

all

Completely disable the Patreon plugin

Navigate to WordPress Plugins → Installed Plugins, find Patreon, click 'Deactivate'

🧯 If You Can't Patch

  • Implement a Web Application Firewall (WAF) with XSS protection rules
  • Add Content Security Policy (CSP) headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins → Installed Plugins and read the Patreon plugin version; any version below 1.7.2 is vulnerable

Check Version:

wp plugin list --name=patreon --field=version

Verify Fix Applied:

Verify Patreon plugin version is 1.7.2 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET/POST requests to wp-login.php with script tags or JavaScript in parameters
  • Multiple failed login attempts with suspicious parameters

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript in URL parameters to login pages

SIEM Query:

source="*access.log*" AND ("wp-login.php" OR "patreon") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
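The SIEM query above matches the indicator strings literally, so a request whose payload is URL-encoded (`%3Cscript%3E` instead of `<script>`) would slip past it even though the web server decodes it before the plugin sees it. The following script is an added example, not code from the page or from the Patreon plugin, that applies the same indicators to access-log lines after decoding the request target (repeatedly, to catch double encoding). The log lines are constructed for the example and the query-parameter names in them (`msg`, `page`, `next`, `img`) are placeholders, not the plugin's real parameters.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines in Common Log Format (not from a real server).
# Parameter names are placeholders chosen for the example.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [26/Mar/2021:10:01:02 +0000] "GET /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 3400',
    '203.0.113.7 - - [26/Mar/2021:10:01:09 +0000] "GET /wp-login.php?msg=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3500',
    '198.51.100.2 - - [26/Mar/2021:10:02:11 +0000] "GET /?page=patreon&next=javascript:alert(1) HTTP/1.1" 302 0',
    '198.51.100.9 - - [26/Mar/2021:10:03:40 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8800',
    '203.0.113.9 - - [26/Mar/2021:10:04:00 +0000] "GET /wp-login.php?msg=%253Cscript%253E HTTP/1.1" 200 3400',
    '203.0.113.4 - - [26/Mar/2021:10:05:13 +0000] "GET /wp-login.php?img=x%20OnError%3Dalert(1) HTTP/1.1" 200 3400',
    '203.0.113.6 - - [26/Mar/2021:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

# The indicators from the SIEM query, case-insensitive so "<SCRIPT" or "OnError=" also match.
INDICATORS = re.compile(r"<script|javascript:|onerror=|onload=", re.IGNORECASE)

# Scope clause of the SIEM query: the login page, or anything mentioning "patreon".
IN_SCOPE = re.compile(r"wp-login\.php|patreon", re.IGNORECASE)

# Common Log Format: client IP, ident, user, [timestamp], "METHOD target HTTP/x.y", status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def decode_fully(value, max_rounds=3):
    """URL-decode until the string stops changing (bounded), so %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return a hit record for one log line, or None if it is out of scope or clean.

    Only the request target is inspected: access logs do not record POST bodies,
    so a payload sent in the body would not be visible here.
    """
    m = REQUEST_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    if not IN_SCOPE.search(target):
        return None
    decoded = decode_fully(target)
    found = sorted({hit.lower() for hit in INDICATORS.findall(decoded)})
    if not found:
        return None
    return {
        "ip": m.group("ip"),
        "timestamp": m.group("ts"),
        "method": m.group("method"),
        "path": urlsplit(target).path,
        "indicators": found,
        "decoded_target": decoded,
    }


def scan_log(lines):
    """Run scan_line over an iterable of log lines and keep the hits."""
    return [hit for hit in (scan_line(line) for line in lines) if hit]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_ACCESS_LOG):
        print(f'{hit["timestamp"]} {hit["ip"]} {hit["method"]} {hit["path"]} -> {", ".join(hit["indicators"])}')
```

Of the seven constructed lines, four are flagged: the plain `<script>` payload, the `javascript:` URL on a request mentioning patreon, the double-encoded `%253Cscript%253E`, and the mixed-case `OnError=`. The first `redirect_to` request and the unrelated `/index.php` request are clean, and the `POST` line shows the limitation noted in the docstring: a payload carried in a POST body never reaches the access log, so body-borne attempts need WAF or application-level logging rather than this query.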
