CVE-2024-11605
📋 TL;DR
The wp-publications WordPress plugin through version 1.2 contains a stored cross-site scripting (XSS) vulnerability. A user with high privileges (typically an administrator) can store a filename that contains script; because the plugin prints filenames into its pages without output escaping, that script runs in the browser of any other user who views the affected page. Every WordPress site running the plugin at version 1.2 or earlier is affected.
💻 Affected Systems
- wp-publications WordPress plugin
📦 What is this software?
Wp Publications by Wp Publications Project
⚠️ Risk & Real-World Impact
Worst Case
An attacker with admin access could inject malicious JavaScript that steals session cookies, redirects users to phishing sites, or performs actions on behalf of authenticated users.
Likely Case
A malicious or compromised administrator account could target other administrators or users to steal credentials or session material, or to perform unauthorized actions within the WordPress dashboard on their behalf.
If Mitigated
With administrator accounts restricted to trusted people and a Content Security Policy that blocks inline script in victims' browsers, a stored payload is unlikely to be planted and does not execute if it is; the attacker then gains nothing beyond what their own administrator session already allows.
🎯 Exploit Status
Exploitation requires an account with administrator-level privileges, i.e. one that can upload or name publication files. The root cause is that the plugin prints stored filenames into its HTML without output escaping, so a filename carrying markup executes when another user views the page. No separate exploit tooling is needed; the payload is the filename itself.
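The bug class described above, as an added example: the same stored filename rendered once without escaping (the vulnerable pattern) and once with context-appropriate escaping. This is illustration code written in Python for this page; it is not the wp-publications plugin's PHP and does not reproduce the plugin's templates or function names. The two payloads are constructed.

```python
"""Illustration of the bug class behind CVE-2024-11605: a stored filename
printed into HTML without output escaping.  Added example in Python; it is
not the wp-publications plugin's PHP and does not reproduce the plugin's
templates or function names."""
import html

# Constructed payloads of the kind a malicious administrator could store.
# Both are perfectly valid file names on the server side.
TAG_PAYLOAD = "report<script>alert(document.cookie)</script>.pdf"
ATTR_PAYLOAD = 'notes" onmouseover="alert(1).txt'


def render_unescaped(filename: str) -> str:
    """Vulnerable pattern: the stored name is interpolated straight into markup,
    once inside a double-quoted attribute and once as element text."""
    return f'<li title="{filename}">{filename}</li>'


def render_escaped(filename: str) -> str:
    """Hardened pattern: escape for the output context.  html.escape with
    quote=True is safe for both text and double-quoted attribute positions;
    WordPress offers the same thing as esc_html() and esc_attr()."""
    safe = html.escape(filename, quote=True)
    return f'<li title="{safe}">{safe}</li>'


def contains_live_markup(markup: str) -> bool:
    """Check used below: does the output still contain a script tag or an
    attribute break-out that a browser would act on?"""
    return "<script" in markup or '" on' in markup


if __name__ == "__main__":
    for payload in (TAG_PAYLOAD, ATTR_PAYLOAD):
        print("vulnerable:", render_unescaped(payload))
        print("hardened:  ", render_escaped(payload))
```

Note that escaping is applied at output time, per context; sanitising the filename on upload (WordPress's sanitize_file_name() strips most of these characters) is a useful second layer, but it does not replace output escaping, since names can also enter through other paths such as renames or imports.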
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: No fixed release is named on this page; check for any release newer than 1.2
Vendor Advisory: https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the wp-publications plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, disable or remove the plugin.
🔧 Temporary Workarounds
Disable wp-publications plugin
Temporarily disable the vulnerable plugin until a patched version is available:
wp plugin deactivate wp-publications
Limit XSS impact with a Content Security Policy
A Content Security Policy that forbids inline script stops the stored payload from executing even though it is still rendered into the page. Caveat: the WordPress admin dashboard relies heavily on inline scripts, so the strict policy below will break parts of wp-admin; roll it out as Content-Security-Policy-Report-Only first, review the violation reports, and expect to loosen it. A policy that allows 'unsafe-inline' gives no protection against this bug.
Add to .htaccess (requires mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";
🧯 If You Can't Patch
- Remove administrator access from anyone who does not need it and apply the principle of least privilege; the attacker must already hold a high-privilege account, so this is the most effective control
- Implement web application firewall rules that block filenames containing tags, event-handler attributes or javascript: URLs, in both raw and percent-encoded form
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for wp-publications version 1.2 or earlier
Check Version:
wp plugin list --name=wp-publications --field=version
Verify Fix Applied:
Verify plugin version is updated beyond 1.2 in WordPress admin panel
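A scripted version check for the verify step, as an added example (not part of this page or of the plugin): it reads the standard WordPress "Version:" header from the plugin's main file and compares it numerically against the affected range "through 1.2". The header below is a constructed stand-in for the real file under wp-content/plugins/wp-publications/, whose contents are not reproduced here; the output of `wp plugin list --name=wp-publications --field=version` can be fed to is_affected() in the same way.

```python
"""Version check for the verify step: read the Version header from the plugin's
main file and decide whether the installed release is in the affected range
(through 1.2).  Added example; the header below is a constructed stand-in for
the real wp-content/plugins/wp-publications/*.php header, which is not
reproduced here.  It assumes the standard WordPress 'Version:' header field."""
import re

# Constructed sample of a WordPress plugin file header (not the real file).
SAMPLE_HEADER = """<?php
/*
Plugin Name: WP Publications
Version: 1.2
Description: constructed sample header for this example
*/
"""

LAST_AFFECTED = (1, 2)  # "through version 1.2"


def version_tuple(version: str) -> tuple:
    """Turn '1.2', '1.10' or '1.2.1' into a comparable tuple of integers.
    Plain string comparison would wrongly rank '1.10' below '1.2'."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"no numeric version in {version!r}")
    return parts


def header_version(php_source: str) -> str:
    """Extract the value of the 'Version:' line from a plugin header comment."""
    match = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source, re.MULTILINE)
    if not match:
        raise ValueError("no Version: header found")
    return match.group(1)


def is_affected(version: str) -> bool:
    """True when the version is 1.2 or older, the range this CVE covers."""
    return version_tuple(version) <= LAST_AFFECTED


if __name__ == "__main__":
    installed = header_version(SAMPLE_HEADER)
    print(installed, "affected" if is_affected(installed) else "not affected")
```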
📡 Detection & Monitoring
Log Indicators:
- Upload or rename events whose filename contains tags, event-handler attributes or javascript: URLs, in raw or percent-encoded form (for example <script, %3Cscript, onerror=)
- Several uploads with similar malicious filenames from one administrator account
- CSP violation reports or other client-side telemetry showing unexpected script execution on the plugin's admin pages
Network Indicators:
- Outbound requests from administrators' browsers to domains you do not control shortly after such an upload, which is what cookie or nonce exfiltration looks like
SIEM Query (Splunk-style sketch; WordPress core writes no wordpress.log of its own, so point source= at the audit plugin or web server log you actually collect):
source="wordpress.log" AND "wp-publications" AND (filename="*<*" OR filename="*%3C*" OR filename="*javascript:*")
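The log indicators above, turned into a small scanner, as an added example that is not part of this page: it parses audit-style upload and rename events, percent-decodes the filename so encoded payloads are not missed, flags names carrying markup, and counts hits per user so repeat offenders stand out. WordPress core does not write such a log by default, so the line format is a constructed stand-in for whatever your audit plugin or reverse proxy emits; LINE_RE is the only piece that needs adapting.

```python
"""Detection helper for the indicators above: flag upload or rename events
whose filename carries HTML or script markup, and count hits per user.
Added example, not part of the advisory.  WordPress core writes no upload log
by default, so the line format here is a constructed stand-in for whatever
your audit plugin or reverse proxy actually emits; adapt LINE_RE to it."""
import re
from collections import Counter
from typing import Optional
from urllib.parse import unquote

# Constructed sample log lines (not real data).  Line 3 is percent-encoded,
# as it would appear in a web server access log; line 4 breaks out of an
# attribute instead of using a tag; line 5 belongs to a different plugin.
SAMPLE_LOG = """\
2024-11-20T10:01:02Z user=admin plugin=wp-publications action=upload filename="annual-report-2024.pdf"
2024-11-20T10:03:17Z user=admin plugin=wp-publications action=upload filename="report<script>alert(document.cookie)</script>.pdf"
2024-11-20T10:04:40Z user=editor plugin=wp-publications action=rename filename="slides%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E.pptx"
2024-11-20T10:05:01Z user=admin plugin=wp-publications action=upload filename="notes" onmouseover="alert(1).txt"
2024-11-20T10:06:12Z user=admin plugin=other-plugin action=upload filename="<b>bold</b>.txt"
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) plugin=(?P<plugin>\S+) "
    r'action=(?P<action>\S+) filename="(?P<filename>.*)"$'
)

# Markup that has no business in a document filename.  Tune to taste; the
# \b keeps words such as "conversion=" from tripping the event-handler rule.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z]"        # an HTML tag, opening or closing
    r"|javascript\s*:"       # javascript: URL scheme
    r"|\bon[a-z]+\s*=",      # inline event handler (onerror=, onmouseover=)
    re.IGNORECASE,
)


def scan_log(text: str, plugin: Optional[str] = None) -> list:
    """Return one finding per line whose (percent-decoded) filename matches
    SUSPICIOUS, optionally restricted to a single plugin."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line format
        rec = m.groupdict()
        if plugin and rec["plugin"] != plugin:
            continue
        decoded = unquote(rec["filename"])  # catch %3Cscript%3E as well
        hit = SUSPICIOUS.search(decoded)
        if hit:
            rec["decoded"] = decoded
            rec["match"] = hit.group(0)
            findings.append(rec)
    return findings


def per_user(findings: list) -> dict:
    """Repeat offenders are the 'several uploads with similar names' indicator."""
    return dict(Counter(f["user"] for f in findings))


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG, plugin="wp-publications")
    for f in hits:
        print(f["ts"], f["user"], repr(f["decoded"]), "->", repr(f["match"]))
    print(per_user(hits))
```

Run it against the real log only after checking that benign names survive: the tag and javascript: rules are rarely wrong, but any pattern-based filename rule should be reviewed against a sample of your own upload history before it pages anyone.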