CVE-2024-10563
📋 TL;DR
This vulnerability in the WooCommerce Cart Count Shortcode WordPress plugin allows users with contributor role or higher to inject malicious scripts into pages/posts via unvalidated shortcode attributes. When other users view these pages, the scripts execute in their browsers, enabling stored cross-site scripting attacks. WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- WooCommerce Cart Count Shortcode WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users.
Likely Case
Contributor-level attackers inject malicious scripts that steal user session data or display unwanted content to visitors.
If Mitigated
With proper user role management and content review, impact is limited to potential defacement of specific posts/pages.
🎯 Exploit Status
Exploitation requires contributor-level access; XSS payloads are simple to craft.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.0
Vendor Advisory: https://wpscan.com/vulnerability/08ed69f6-9c9b-4548-9dbb-05b602530ef7/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'WooCommerce Cart Count Shortcode'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.1.0+ from the WordPress repository and replace the plugin files.
🔧 Temporary Workarounds
Remove Contributor Post Publishing
Temporarily remove the Contributor role's ability to publish posts until the plugin is patched, for example by demoting the account to Subscriber:
wp user set-role <username> subscriber
Disable Plugin
Deactivate the vulnerable plugin if its functionality is not critical:
wp plugin deactivate woo-cart-count-shortcode
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to block inline scripts
- Review and moderate all contributor posts before publication
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in WordPress admin → Plugins → Installed Plugins, or with the WP-CLI command below; versions below 1.1.0 are vulnerable.
Check Version:
wp plugin get woo-cart-count-shortcode --field=version
Verify Fix Applied:
Confirm the plugin version is 1.1.0 or higher, then test shortcode attributes with script payloads and confirm they are rendered escaped rather than as live markup.
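The two checks above as an added example, not code from the advisory or from the plugin: the plugin slug and the patched version are the ones the advisory gives, while the marker string, the sample rendered HTML and the [cart_count] shortcode name are constructed for the example. A harmless markup marker stands in for a script payload, since the only question a defender needs answered is whether attribute values come back escaped.

```python
import html
import re
import subprocess

# Added example, not code from the advisory or from the plugin. The plugin slug
# and the patched version come from the advisory; the marker string and the
# sample rendered HTML below are constructed for this example.
PLUGIN_SLUG = "woo-cart-count-shortcode"
PATCHED_VERSION = "1.1.0"

# A harmless marker stands in for a script payload: if the plugin escapes
# attribute values, the angle brackets must come back as &lt; and &gt;.
MARKER = "<i>cve-2024-10563-check</i>"


def parse_version(version):
    """Turn '1.0.9' into (1, 0, 9) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_patched(installed_version):
    """True when the installed version is 1.1.0 or higher."""
    return parse_version(installed_version) >= parse_version(PATCHED_VERSION)


def installed_version_via_wp_cli(site_path="."):
    """Ask WP-CLI for the installed version (the command the advisory gives,
    plus WP-CLI's global --path option to point at the site root)."""
    result = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version", f"--path={site_path}"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


def marker_is_escaped(rendered_html):
    """Inspect the HTML of a page that contains the shortcode with MARKER in an
    attribute. True only if the marker appears escaped and never raw; False if
    it is rendered as live markup (the vulnerable behaviour) or is absent."""
    raw_present = MARKER in rendered_html
    escaped_present = html.escape(MARKER, quote=False) in rendered_html
    return escaped_present and not raw_present


# Constructed sample renders of a post holding [cart_count label="<marker>"]
# (the shortcode and attribute names are hypothetical).
VULNERABLE_RENDER = '<span class="cart-count"><i>cve-2024-10563-check</i> 0</span>'
PATCHED_RENDER = '<span class="cart-count">&lt;i&gt;cve-2024-10563-check&lt;/i&gt; 0</span>'


if __name__ == "__main__":
    try:
        version = installed_version_via_wp_cli()
        print(f"{PLUGIN_SLUG} {version}: {'patched' if is_patched(version) else 'VULNERABLE'}")
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("WP-CLI not available here; showing the offline checks only")
    for label, rendered in (("vulnerable", VULNERABLE_RENDER), ("patched", PATCHED_RENDER)):
        print(f"{label} sample: escaped={marker_is_escaped(rendered)}")
```

To use it against a real site, put the marker in the shortcode attribute of a draft post, fetch the rendered page and pass the HTML to marker_is_escaped(); the version compare is numeric so 1.10.0 is correctly treated as newer than 1.1.0.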
📡 Detection & Monitoring
Log Indicators:
- Unusual post/page edits by contributors
- POST requests containing script tags in shortcode parameters
Network Indicators:
- Outbound connections to unknown domains from WordPress pages
- Unexpected script loads in page responses
SIEM Query:
source="wordpress.log" AND ("shortcode" OR "wp_insert_post") AND ("script" OR "onerror" OR "javascript:")
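The SIEM query above as code, as an added example that is not part of the advisory, run over a few constructed log lines. The line format, the user= field and the [cart_count] shortcode name are hypothetical (real WordPress and web-server logs differ); the example also shows the caveat a practitioner will hit with the bare term "script", which matches ordinary words such as "subscription", and a tighter pattern applied after URL-decoding so percent-encoded POST bodies are still caught.

```python
import re
from urllib.parse import unquote

# Added example, not from the advisory: the SIEM query as code, run over
# constructed log lines. The line format, the user= field and the [cart_count]
# shortcode name are hypothetical; real WordPress and web-server logs differ.
CONTEXT_TERMS = ("shortcode", "wp_insert_post")
PAYLOAD_TERMS = ("script", "onerror", "javascript:")

# Tighter payload pattern: a real opening tag, an on* handler attribute or a
# javascript: URL, rather than the bare substring "script" (which also matches
# "description" and "subscription").
TIGHT_RE = re.compile(r"<script\b|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)

SAMPLE_LOG = """\
2024-11-01T10:02:11Z wordpress.log user=contrib1 action=wp_insert_post post_id=412 content=[cart_count label="Cart"]
2024-11-01T10:05:40Z wordpress.log user=contrib1 action=wp_insert_post post_id=413 content=[cart_count label="<script>x</script>"]
2024-11-01T10:06:02Z wordpress.log user=editor2 action=shortcode render=[cart_count label="Your cart"]
2024-11-01T10:07:15Z wordpress.log user=contrib3 action=wp_insert_post post_id=414 content=[cart_count label="x" onerror="x"]
2024-11-01T10:08:09Z wordpress.log user=admin action=plugin_update plugin=woo-cart-count-shortcode version=1.1.0
2024-11-01T10:09:30Z wordpress.log user=contrib1 action=shortcode render=[cart_count label="%3Cscript%3Ex%3C/script%3E"]
2024-11-01T10:11:44Z wordpress.log user=contrib2 action=wp_insert_post post_id=415 content=[cart_count label="Subscription cart"]
"""


def matches_siem_query(line):
    """Literal port of the advisory's query: a context term AND a payload term,
    as case-insensitive substring matches on the raw line."""
    low = line.lower()
    return any(t in low for t in CONTEXT_TERMS) and any(t in low for t in PAYLOAD_TERMS)


def matches_tight(line):
    """Same context condition, but the payload side uses TIGHT_RE on the
    URL-decoded line, so percent-encoded POST bodies are still caught and
    ordinary words containing "script" are not."""
    decoded = unquote(line)
    return any(t in decoded.lower() for t in CONTEXT_TERMS) and bool(TIGHT_RE.search(decoded))


def scan(log_text, matcher):
    """Return (line_number, user) for every line the matcher flags."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        if matcher(line):
            user = re.search(r"user=(\S+)", line)
            hits.append((number, user.group(1) if user else "?"))
    return hits


if __name__ == "__main__":
    print("advisory query :", scan(SAMPLE_LOG, matches_siem_query))
    print("tightened query:", scan(SAMPLE_LOG, matches_tight))
```

On the sample, the advisory's query flags lines 2, 4, 6 and 7; the tightened version drops line 7 (the "Subscription" false positive) and still catches line 6, whose payload is percent-encoded. Neither fires on line 5, which mentions the plugin slug but carries no payload term, so a plugin update itself does not generate noise.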