CVE-2024-11746
📋 TL;DR
This stored XSS vulnerability in the Woocommerce Brands WordPress plugin allows authenticated attackers with contributor-level access or higher to inject malicious scripts via the 'product_brand' shortcode. The scripts execute when users view affected pages, potentially compromising visitor accounts. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Woocommerce Brands WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal admin credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Session hijacking, credential theft from logged-in users, or website defacement through injected malicious content.
If Mitigated
Limited impact if proper user role management restricts contributor access and web application firewalls filter malicious payloads.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once attacker has contributor privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 1.3.2
Vendor Advisory: https://plugins.trac.wordpress.org/browser/gs-woo-brands
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Woocommerce Brands' plugin. 4. Click 'Update Now' if update available. 5. If no update appears, manually download latest version from WordPress repository and replace plugin files.
🔧 Temporary Workarounds
Remove Contributor Role Access
allTemporarily restrict contributor-level users from accessing the site until patch is applied.
Web Application Firewall Rules
allConfigure WAF to block XSS payloads targeting the product_brand shortcode attributes.
🧯 If You Can't Patch
- Disable the Woocommerce Brands plugin completely until patched
- Implement strict user role management and audit all contributor-level accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Woocommerce Brands → Version number. If version is 1.3.2 or lower, you are vulnerable.Check Version:
wp plugin list --name='Woocommerce Brands' --field=versionVerify Fix Applied:
After updating, verify plugin version is higher than 1.3.2. Test shortcode functionality with safe test payloads.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress admin-ajax.php with product_brand parameters
- Multiple failed login attempts followed by successful contributor login
Network Indicators:
- Inbound requests with JavaScript payloads in URL parameters or POST data
SIEM Query:
source="wordpress.log" AND ("product_brand" AND ("script" OR "onerror" OR "javascript:"))🔗 References
- https://plugins.trac.wordpress.org/browser/gs-woo-brands/tags/1.3.1/woocommerce-brand.php#L299
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3235325%40gs-woo-brands&new=3235325%40gs-woo-brands&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/443cfb7b-4566-4a71-ac31-5a5361c58aa2?source=cve
