CVE-2024-11226
📋 TL;DR
The FireCask Like & Share Button plugin for WordPress has a stored XSS vulnerability in the 'width' parameter that allows authenticated attackers with Contributor access or higher to inject malicious scripts. These scripts execute when users view compromised pages, potentially stealing session cookies or redirecting visitors. All WordPress sites using this plugin up to version 1.2 are affected.
💻 Affected Systems
- FireCask Like & Share Button WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over the WordPress site, install backdoors, deface pages, or redirect visitors to malicious sites.
Likely Case
Attackers with contributor accounts inject malicious scripts that steal user session data, display unwanted content, or redirect visitors to phishing pages.
If Mitigated
With proper user access controls and content security policies, impact is limited to minor page defacement or script injection that doesn't compromise the entire site.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once an attacker has contributor privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.2 (check plugin repository for latest)
Vendor Advisory: https://wordpress.org/plugins/facebook-like-send-button/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Facebook Like Send Button' plugin.
4. Click 'Update Now' if available.
5. If no update appears, deactivate and delete the plugin, then install the latest version from the WordPress repository.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the vulnerable plugin until patched
wp plugin deactivate facebook-like-send-button
Restrict User Roles
Limit contributor-level access to trusted users only
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Remove contributor access from untrusted users and audit existing contributor accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'Facebook Like Send Button' version 1.2 or earlier
Check Version:
wp plugin get facebook-like-send-button --field=version
Verify Fix Applied:
Verify plugin version is higher than 1.2 in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to plugin endpoints with script tags in parameters
- Multiple page edits from contributor accounts
Network Indicators:
- Unexpected script tags in page responses containing 'width' parameter manipulation
SIEM Query:
source="wordpress.log" AND "facebook-like-send-button" AND ("width=" OR "script")
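As an added example that is not part of this advisory, the following script scans web-server access-log lines for requests whose 'width' parameter carries anything other than a plain integer, which is the only value the button should ever receive. It assumes combined log format and that request bodies are not logged (only query-string values are checked); the log lines are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip ident user [timestamp] "METHOD target HTTP/x.y" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# A legitimate button width is a pixel count. Anything else (markup, quotes,
# percent-encoded tags) is worth a closer look. Assumption: your theme does
# not append units; widen the pattern if it does.
WIDTH_OK = re.compile(r'^\d{1,5}$')

# Constructed sample lines; the second one carries a percent-encoded tag marker.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /?width=450 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=save&width=%3Cscript%3E HTTP/1.1" 200 12
198.51.100.2 - - [10/Jan/2025:10:00:04 +0000] "GET /wp-content/plugins/facebook-like-send-button/css/style.css HTTP/1.1" 200 900
"""


def extract_width_values(target):
    """Return every 'width' value in the request's query string, percent-decoded."""
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get('width', [])


def find_suspicious_width(lines):
    """Return one record per request whose 'width' value is not a bare integer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        for value in extract_width_values(m.group('target')):
            if not WIDTH_OK.match(value):
                hits.append({'ip': m.group('ip'), 'method': m.group('method'),
                             'target': m.group('target'), 'width': value})
    return hits


if __name__ == '__main__':
    for hit in find_suspicious_width(SAMPLE_LOG.splitlines()):
        print(hit)
```

Run it against your real log files by feeding the file's lines to find_suspicious_width; each hit names the client IP and the decoded value so it can be cross-checked against the contributor account that was active at that time.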
🔗 References
- https://plugins.trac.wordpress.org/browser/facebook-like-send-button/tags/1.2/class-frontend.php#L121
- https://plugins.trac.wordpress.org/changeset/3225838/
- https://wordpress.org/plugins/facebook-like-send-button/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5b9d61cd-1955-40d0-99b4-c75f480733f8?source=cve