CVE-2024-10568

4.7 MEDIUM

📋 TL;DR

This vulnerability is a stored cross-site scripting (XSS) issue: authenticated administrators in WordPress can inject malicious scripts into the plugin's settings, and those scripts execute when other users view affected pages. It affects WordPress sites running Ajax Search Lite plugin versions before 4.12.4, particularly multisite installations where the unfiltered_html capability is restricted.

💻 Affected Systems

Products:
  • WordPress Ajax Search Lite plugin
Versions: All versions before 4.12.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin-level access to exploit. Particularly relevant for WordPress multisite installations where unfiltered_html capability is disabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account compromise leads to site-wide XSS payload deployment, potentially stealing user sessions, redirecting visitors to malicious sites, or defacing the website.

🟠 Likely Case

Malicious admin injects limited XSS payloads affecting specific pages where search functionality appears, potentially capturing user data from those pages.

🟢 If Mitigated

With proper admin account security and regular plugin updates, impact is minimal as only trusted admins can exploit and patches are available.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin privileges. Attack involves injecting scripts into plugin settings through the WordPress admin interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.12.4

Vendor Advisory: https://wpscan.com/vulnerability/1676aef0-be5d-4335-933d-dc0d54416fd4/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Ajax Search Lite and click 'Update Now'.
4. Verify that the version shows 4.12.4 or higher.

🔧 Temporary Workarounds

Temporary plugin deactivation
Applies to: all
Disable the vulnerable plugin until patched:

    wp plugin deactivate ajax-search-lite

Admin access restriction
Applies to: all
Temporarily restrict admin panel access to trusted IPs only.

🧯 If You Can't Patch

  • Remove admin privileges from untrusted users
  • Implement web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in WordPress admin under Plugins > Installed Plugins. If the version is below 4.12.4, the site is vulnerable.

Check Version:

wp plugin get ajax-search-lite --field=version

Verify Fix Applied:

Confirm plugin version shows 4.12.4 or higher in WordPress admin panel.
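An added shell helper, not part of this advisory or of the plugin vendor's tooling, that automates the check above: it compares a version string component by component against the fixed release, 4.12.4, so that a version such as 4.12.10 is correctly treated as patched. The `check_site` wrapper assumes WP-CLI is on PATH and is run from the site's WordPress root.

```shell
# Fixed release taken from the advisory.
PATCHED_VERSION="4.12.4"

# version_lt A B: returns 0 when version A is older than version B.
# Splits on dots and compares numerically; a missing component counts
# as 0 and a non-numeric suffix (e.g. "-beta") is ignored.
version_lt() {
  local a="$1" b="$2" x y
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
    [ -n "$x" ] || x=0
    [ -n "$y" ] || y=0
    if [ "$x" -lt "$y" ]; then return 0; fi
    if [ "$x" -gt "$y" ]; then return 1; fi
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  return 1   # equal versions are not "less than"
}

# asl_is_vulnerable VERSION: 0 if the installed Ajax Search Lite predates the fix.
asl_is_vulnerable() {
  [ -n "$1" ] || return 2
  version_lt "$1" "$PATCHED_VERSION"
}

# Query the live site with the WP-CLI command shown on this page and report.
# Assumes wp-cli is installed and the current directory is the WordPress root.
check_site() {
  local v
  v=$(wp plugin get ajax-search-lite --field=version 2>/dev/null) || {
    echo "ajax-search-lite not installed or wp-cli unavailable"; return 2; }
  if asl_is_vulnerable "$v"; then
    echo "VULNERABLE: installed $v is older than $PATCHED_VERSION"; return 0
  fi
  echo "OK: installed $v is $PATCHED_VERSION or newer"; return 1
}
```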

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin activity modifying plugin settings
  • Multiple failed admin login attempts

Network Indicators:

  • Suspicious script tags in HTTP responses from search functionality

SIEM Query:

source="wordpress.log" AND ("ajax-search-lite" OR "plugin settings") AND action="modified"
