CVE-2024-11266
📋 TL;DR
The Geocache Stat Bar Widget WordPress plugin through version 0.911 does not sanitise and escape some of its settings, which is a stored cross-site scripting (XSS) vulnerability. A high-privilege user such as an administrator can save a script payload in the plugin settings that then executes in the browser of anyone who views the affected page. This works even where the unfiltered_html capability is disallowed (for example in a multisite setup), which is normally what stops such users from saving raw markup. Only WordPress sites with this plugin installed are affected.
💻 Affected Systems
- Geocache Stat Bar Widget WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker holding an administrator account could store JavaScript that runs in other users' browsers, steals their session cookies, redirects them to phishing pages, or performs actions with their privileges. Because the payload runs in the victim's context, targeting users with more privileges than the author (the situation multisite's unfiltered_html restriction is meant to prevent) can escalate a single rogue admin into a complete site compromise.
Likely Case
A malicious or compromised administrator injects tracking scripts, defaces site content, or targets other administrators' sessions for limited privilege escalation.
If Mitigated
With administrator accounts limited to vetted staff and their activity monitored, the impact is contained to what that administrator could already do directly.
🎯 Exploit Status
Exploitation requires administrator-level WordPress credentials: the affected settings are reachable only by administrators, so the realistic attacker is a rogue or compromised administrator. No special tooling is involved; the attack is saving a script payload into an affected settings field.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.912 or later
Advisory (WPScan): https://wpscan.com/vulnerability/361a4635-7e7d-483c-b2ce-a857d60d91ea/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Geocache Stat Bar Widget'.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin.
🔧 Temporary Workarounds
Remove Plugin
Deactivate and delete the vulnerable plugin:
wp plugin deactivate geocache-stat-bar-widget
wp plugin delete geocache-stat-bar-widget
Restrict Admin Access
Limit WordPress administrator accounts to trusted personnel only.
🧯 If You Can't Patch
- Deactivate the Geocache Stat Bar Widget plugin immediately
- Review the plugin's stored settings in wp_options for markup that should not be there; a payload saved before deactivation stays in the database, since deactivating a plugin does not remove its options
- Implement strict access controls and monitoring for WordPress administrator accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins. If Geocache Stat Bar Widget is installed and its version is 0.911 or earlier, the site is vulnerable. A deactivated copy still ships the vulnerable code, so treat it the same way until it is updated or deleted.
Check Version:
wp plugin get geocache-stat-bar-widget --field=version
Verify Fix Applied:
After updating, confirm the plugin version is 0.912 or later in the WordPress admin panel (or that the wp plugin get command above reports 0.912 or later), and confirm no script payload remains in the plugin's saved settings.
📡 Detection & Monitoring
Log Indicators:
- Unusual modifications to plugin settings by administrator accounts, especially outside normal change windows
- Plugin option values in wp_options that contain <script> tags, event-handler attributes (onerror=, onload=), or javascript: URLs
Network Indicators:
- Unexpected JavaScript loading from WordPress admin pages
SIEM Query (illustrative; field and event names depend on the WordPress audit-logging plugin feeding your SIEM):
source="wordpress" AND (event="plugin_settings_update" OR event="option_update") AND plugin="geocache-stat-bar-widget"
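The checks described under "How to Verify" and "Detection & Monitoring" can be scripted against data you have already exported from the site: the plugin's main-file header for the version, and the plugin's wp_options rows for stored payloads. The script below is an added example written for this page, not code from the plugin or from WPScan. It assumes the plugin header uses the standard WordPress "Version:" line, and the option names and serialized values in the sample rows are constructed for the demo (the plugin's real option names are not given on this page).

```python
"""
Offline triage helper for CVE-2024-11266 (Geocache Stat Bar Widget stored XSS).

1. plugin_version()/is_vulnerable_version(): read the 'Version:' header line of the
   plugin's main file and compare it numerically with the fixed release 0.912.
2. scan_options(): flag plugin option values that contain common XSS markers.
   Option values are often PHP-serialized; a substring scan works either way.
"""
import re

# First fixed release according to the advisory; anything lower is affected.
FIXED_VERSION = "0.912"

# Constructed sample of a plugin main-file header (content made up for the demo).
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: Geocache Stat Bar Widget
Description: Shows geocaching statistics in a sidebar widget.
Version: 0.911
*/
"""

# Constructed wp_options rows (option_name, option_value), in the shape you would
# get from `wp option list --search='*geocache*'` or a SELECT on wp_options.
# The option names are assumptions for the demo, not the plugin's real names.
SAMPLE_OPTION_ROWS = [
    ("widget_geocache_stat_bar",
     'a:1:{i:2;a:2:{s:5:"title";s:8:"My stats";s:4:"user";s:8:"cacher42";}}'),
    ("widget_geocache_stat_bar_evil",
     'a:1:{i:3;a:1:{s:5:"title";s:33:"Stats<img src=x onerror=alert(1)>";}}'),
    ("blogname", "Example site"),  # unrelated option, must be ignored
]

# Markers worth a human look: script tags, javascript: URLs, active-content
# elements, and inline event handlers. This is a triage list, not a verdict.
XSS_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|<\s*(?:iframe|svg|img|object|embed)\b|\bon[a-z]+\s*=",
    re.IGNORECASE,
)


def parse_version(text):
    """'0.911' -> (0, 911). Trailing tags such as '-beta' are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def plugin_version(header_text):
    """Return the value of the 'Version:' header line, or None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable_version(version):
    """True when the installed version is below the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def scan_options(rows, name_filter="geocache"):
    """Return (option_name, matched_marker) pairs for plugin options only."""
    findings = []
    for name, value in rows:
        if name_filter not in name:
            continue
        for m in XSS_MARKERS.finditer(value):
            findings.append((name, m.group(0)))
    return findings


def triage(header_text, rows):
    """Combine the version check and the option scan into one report."""
    version = plugin_version(header_text)
    return {
        "version": version,
        "vulnerable_version": is_vulnerable_version(version) if version else None,
        "findings": scan_options(rows),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_PLUGIN_HEADER, SAMPLE_OPTION_ROWS)
    print(f"installed version: {report['version']} "
          f"(vulnerable: {report['vulnerable_version']})")
    for name, marker in report["findings"]:
        print(f"suspicious marker {marker!r} in option {name}")
```

Run it against a real export by replacing the two sample constants with the plugin's header file contents and the rows returned for its options; a hit in `findings` means the stored settings need cleaning even after the plugin is updated, because updating to 0.912 fixes the escaping but does not remove a payload that is already in the database.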