CVE-2024-10076
📋 TL;DR
This vulnerability in the Jetpack and Jetpack Boost WordPress plugins allows users with the Contributor role or higher to inject malicious scripts through image URLs; the scripts are stored with the content and executed whenever other users view the affected pages. This is a stored cross-site scripting (XSS) flaw, so the payload persists across sessions rather than requiring a crafted link. WordPress sites running vulnerable versions of either plugin are affected.
💻 Affected Systems
- Jetpack WordPress plugin
- Jetpack Boost WordPress plugin
📦 What is this software?
Jetpack by Automattic
Jetpack Boost by Automattic
⚠️ Risk & Real-World Impact
Worst Case
Attackers with contributor access could inject persistent malicious scripts that steal admin credentials, deface websites, or install backdoors when administrators view compromised pages.
Likely Case
Malicious contributors or compromised accounts inject tracking scripts, redirect users to malicious sites, or perform limited content manipulation.
If Mitigated
With proper user access controls and content sanitization, impact is limited to content manipulation within contributor privileges.
🎯 Exploit Status
Requires Contributor-level access or higher. Exploitation involves crafting image URLs that pass the plugins' regex-based URL pattern matching while carrying script content, which is then stored and rendered to other users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Jetpack 13.8+, Jetpack Boost 3.4.8+
Vendor Advisory: https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Jetpack and Jetpack Boost.
4. Click 'Update Now' if updates are available.
5. Alternatively, download the latest versions from WordPress.org and upload them via FTP.
🔧 Temporary Workarounds
Disable Site Accelerator
Temporarily disable the vulnerable feature until patching is possible
Restrict Contributor Privileges
Temporarily downgrade contributor users to the subscriber role or implement additional content review
🧯 If You Can't Patch
- Implement strict content sanitization for all user-generated content
- Enable web application firewall with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check plugin versions in WordPress admin: Plugins > Installed Plugins. Look for Jetpack version < 13.8 or Jetpack Boost version < 3.4.8.
Check Version:
wp plugin list --fields=name,version | grep -E 'jetpack|jetpack-boost'
Verify Fix Applied:
Confirm Jetpack version is 13.8+ and Jetpack Boost version is 3.4.8+ in WordPress admin panel.
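The version comparison above is easy to get wrong when done by string matching (for example, "13.10" sorts below "13.8" as text). The following added example, not part of the advisory, parses the JSON that `wp plugin list --format=json` emits and flags installs below the patched versions stated above; the sample output is constructed, and a pre-release build of the patched version is treated as still vulnerable.

```python
import json

# Patched versions from the advisory: Jetpack 13.8+, Jetpack Boost 3.4.8+
FIXED_VERSIONS = {
    "jetpack": "13.8",
    "jetpack-boost": "3.4.8",
}


def parse_version(version):
    """Turn '13.8', '3.4.8' or '13.8-beta1' into a comparable tuple.

    Numeric components are compared as integers so 13.10 > 13.8, and a
    pre-release suffix (anything after '-') sorts below the final release.
    """
    core, _, suffix = version.strip().partition("-")
    nums = tuple(int(p) if p.isdigit() else 0 for p in core.split("."))
    nums = (nums + (0, 0, 0))[:3]          # pad so 13.8 == 13.8.0
    return nums + (0 if suffix else 1,)    # 13.8-beta1 < 13.8


def is_vulnerable(slug, version):
    """True when an affected plugin is installed below its patched version."""
    fixed = FIXED_VERSIONS.get(slug)
    if fixed is None:
        return False
    return parse_version(version) < parse_version(fixed)


def find_vulnerable_plugins(wp_cli_json):
    """Return (slug, installed, required) for every affected plugin
    found in the output of `wp plugin list --format=json`."""
    findings = []
    for plugin in json.loads(wp_cli_json):
        slug = plugin.get("name", "")
        version = plugin.get("version", "0")
        if is_vulnerable(slug, version):
            findings.append((slug, version, FIXED_VERSIONS[slug]))
    return findings


# Constructed sample in the shape wp-cli emits; not output from a real site.
SAMPLE_WP_CLI_OUTPUT = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "jetpack", "status": "active", "update": "available", "version": "13.7.1"},
    {"name": "jetpack-boost", "status": "active", "update": "none", "version": "3.4.8"},
])

if __name__ == "__main__":
    for slug, installed, required in find_vulnerable_plugins(SAMPLE_WP_CLI_OUTPUT):
        print(f"{slug}: installed {installed}, update to {required} or later")
```

On a live site, pipe `wp plugin list --format=json` into `find_vulnerable_plugins` instead of the constructed sample.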
📡 Detection & Monitoring
Log Indicators:
- Unusual image URL patterns in content edits
- Multiple failed login attempts followed by content modifications
- Script tags in image src attributes
Network Indicators:
- Unexpected script loads from image CDN URLs
- Suspicious outbound connections after page views
SIEM Query:
source="wordpress" AND (event="plugin_update" OR event="content_edit") AND plugin_name IN ("jetpack", "jetpack-boost")