CVE-2024-10872

6.4 MEDIUM

📋 TL;DR

The Getwid WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with Contributor access or higher to inject malicious scripts into website pages. These scripts execute whenever users view the compromised pages, potentially affecting all visitors to vulnerable WordPress sites.

💻 Affected Systems

Products:
  • Getwid – Gutenberg Blocks WordPress plugin
Versions: All versions up to and including 2.0.12
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Getwid plugin enabled and at least one user with Contributor role or higher.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users.

🟠 Likely Case

Attackers with Contributor accounts inject malicious scripts to steal admin credentials or redirect users to phishing sites.

🟢 If Mitigated

With proper user access controls and content filtering, impact is limited to isolated page defacement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once attacker has Contributor privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.13

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3188812

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Getwid plugin and click 'Update Now'.
4. Verify the version is 2.0.13 or higher.

🔧 Temporary Workarounds

Disable Getwid plugin (platform: all)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate getwid

Restrict user roles (platform: linux)

Demote untrusted Contributor accounts to Subscriber. Note that the command below demotes every Contributor account, so review the output of `wp user list --role=contributor` first; `xargs -I{}` is required so that each user ID is passed to `wp user set-role` as a separate invocation:

wp user list --role=contributor --field=ID | xargs -I{} wp user set-role {} subscriber

🧯 If You Can't Patch

  • Implement web application firewall with XSS protection rules
  • Enable Content Security Policy headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Getwid version. If version ≤ 2.0.12, vulnerable.

Check Version:

wp plugin get getwid --field=version

Verify Fix Applied:

Verify Getwid plugin version is 2.0.13 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual post/page edits by Contributor users
  • Script tags in post content containing 'template-post-custom-field'

Network Indicators:

  • Unexpected script loads from WordPress pages
  • Suspicious outbound connections from site visitors

SIEM Query:

source="wordpress.log" AND ("template-post-custom-field" OR "getwid") AND ("script" OR "onclick" OR "javascript:")
