CVE-2024-12203

4.4 MEDIUM

📋 TL;DR

The RSS Icon Widget plugin for WordPress has a stored cross-site scripting vulnerability in the 'link_color' parameter. Authenticated attackers with administrator access can inject malicious scripts that execute when users view affected pages. This only impacts multi-site WordPress installations or sites where unfiltered_html capability is disabled.

💻 Affected Systems

Products:
  • WordPress RSS Icon Widget plugin
Versions: All versions up to and including 5.2
Operating Systems: All platforms running WordPress
Default Config Vulnerable: ✅ No
Notes: Only affects multi-site WordPress installations or installations where unfiltered_html capability is disabled.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account compromise leading to complete site takeover, data theft, or malware distribution to visitors.

🟠 Likely Case

Session hijacking, credential theft from site administrators, or defacement of vulnerable pages.

🟢 If Mitigated

Limited impact due to requiring administrator access and specific WordPress configurations.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires administrator-level access to WordPress, making exploitation more difficult but still dangerous if credentials are compromised.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 5.2

Vendor Advisory: https://plugins.trac.wordpress.org/browser/rss-icon-widget/trunk/rss-icon-widget.php

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins.
  3. Find RSS Icon Widget.
  4. Click 'Update Now' if available.
  5. If no update is available, deactivate and delete the plugin.

🔧 Temporary Workarounds

Adjust unfiltered_html capability (platform: all)

Enable the unfiltered_html capability for administrators to prevent exploitation.

Add to wp-config.php:

define('DISALLOW_UNFILTERED_HTML', false);

Remove plugin (platform: linux)

Deactivate and delete the vulnerable plugin:

wp plugin deactivate rss-icon-widget
wp plugin delete rss-icon-widget

🧯 If You Can't Patch

  • Restrict administrator account access to trusted personnel only
  • Implement web application firewall rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > RSS Icon Widget version. If version is 5.2 or lower, you are vulnerable.

Check Version:

wp plugin get rss-icon-widget --field=version

Verify Fix Applied:

Verify plugin version is higher than 5.2 or plugin is removed entirely.

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrator activity modifying widget settings
  • Suspicious POST requests to widget configuration endpoints

Network Indicators:

  • Script tags in link_color parameter values
  • Unusual outbound connections from WordPress admin pages

SIEM Query:

source="wordpress.log" AND "rss-icon-widget" AND "link_color" AND ("<script>" OR "javascript:")
