CVE-2024-12290
📋 TL;DR
The Infility Global WordPress plugin has a reflected cross-site scripting vulnerability in all versions up to and including 2.9.8. Unauthenticated attackers can inject script via the 'set_type' parameter; the script executes in the browser of any user who opens a specially crafted link. The impact is highest when the victim is logged in to WordPress, and worst when they are an administrator. This affects every WordPress site running a vulnerable version of the plugin.
💻 Affected Systems
- Infility Global WordPress Plugin
⚠️ Risk & Real-World Impact
Worst Case
A logged-in administrator opens a crafted link and the injected script runs inside that administrator's browser session. Because WordPress sets its authentication cookies HttpOnly, stealing the cookie itself is unlikely, but the script does not need the cookie: it can drive wp-admin and the REST API with the victim's existing session and nonce to create a new administrator account, install a backdoored plugin or theme, or change site settings and content, giving the attacker persistent control of the site.
Likely Case
Phishing emails, forum posts or social-media messages carry the crafted URL. Recipients who click while logged in to the site have their session abused; others are redirected to attacker-controlled pages or shown fake login forms or defacement content on the trusted domain.
If Mitigated
If the plugin validated 'set_type' against the short list of values it actually expects and escaped it on output (esc_html() or esc_attr(), as appropriate to the context), the injected markup would be rendered as inert text rather than executed.
🎯 Exploit Status
Reflected XSS is routinely weaponized in phishing campaigns. No public exploit code has been identified, but the attack is trivial to craft: a single URL with a script payload in the 'set_type' parameter. Exploitation requires the victim to open the link; the high-impact variant also requires them to be logged in as an administrator at that moment.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.9.9 or later
Vendor Advisory: https://wordpress.org/plugins/infility-global/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Infility Global' plugin and check its version.
4. Click 'Update Now' if an update to 2.9.9 or later is offered (or run: wp plugin update infility-global).
5. If the update is not yet offered to your site, deactivate the plugin until 2.9.9 is available; deleting and reinstalling the same version does not remove the vulnerability.
🔧 Temporary Workarounds
Input Validation via Web Application Firewall
Configure the WAF to inspect the set_type parameter after URL decoding and block values containing '<', '>', 'javascript:' or inline event handlers (on...=). A stricter and more reliable rule is to allow only the short alphanumeric values your site actually uses for this parameter and reject everything else.
Disable Plugin
Temporarily disable the Infility Global plugin until patched:
wp plugin deactivate infility-global
🧯 If You Can't Patch
- Deploy a Content Security Policy that disallows inline scripts (no 'unsafe-inline' in script-src). Many WordPress themes and plugins depend on inline scripts, so roll it out with Content-Security-Policy-Report-Only first and fix violations before enforcing.
- Use a web application firewall to filter requests whose decoded set_type parameter contains markup, javascript: URLs or event handlers.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for the Infility Global version. If the version is 2.9.8 or lower, the site is vulnerable.
Check Version:
wp plugin list --name=infility-global --field=version
Verify Fix Applied:
After updating, verify plugin version shows 2.9.9 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests whose set_type parameter, once URL-decoded, contains HTML tags, javascript: URLs or inline event handlers. In raw access logs these arrive encoded (for example %3Cscript%3E rather than a literal <script>), and attackers may double-encode them, so decode before matching.
- Requests carrying set_type with an external Referer (the phishing page the victim came from), and subsequent requests from the same client whose Referer is the poisoned URL itself, payload included.
Network Indicators:
- GET requests with a set_type parameter containing encoded '<' or '>' (%3C, %3E), 'javascript:' (or javascript%3A), or 'on...=' event handler attributes.
SIEM Query:
source="web_server_logs" AND uri="*set_type=*" AND (uri="*<script*" OR uri="*%3Cscript*" OR uri="*javascript:*" OR uri="*javascript%3A*" OR uri="*onerror=*" OR uri="*onload=*")
This literal query still misses double-encoded and otherwise obfuscated payloads; where the SIEM supports it, URL-decode the uri field before matching, or run a decoding scan over the raw logs.
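The scan below is an added example, not code from the advisory or from the plugin: it reads Apache/nginx combined-format access logs, pulls every set_type value out of the request line, URL-decodes it repeatedly to defeat double encoding, and flags values carrying tag, javascript: or event-handler markers. It also runs the literal-string check that the SIEM query above performs, to show that the literal check flags none of the encoded payloads browsers actually send. The log lines, paths and client addresses in SAMPLE_LOG are constructed for illustration; the page does not say which URL the plugin reads set_type on, so the example uses the site root.

```python
"""Detect reflected-XSS attempts against the 'set_type' parameter
(CVE-2024-12290, Infility Global WordPress plugin) in access logs.

Added example, not part of the advisory or the plugin. Assumes the
Apache/nginx "combined" log format; SAMPLE_LOG is constructed data."""

import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Markers checked against the fully decoded value (case-insensitive):
# an opening/closing tag, a javascript: URL, or an inline event handler.
XSS_MARKERS = re.compile(
    r"<\s*/?[a-z!]"          # <script>, </script>, <img ..., <!-- ...
    r"|javascript\s*:"       # javascript:alert(1)
    r"|\bon[a-z]+\s*=",      # onerror=, onload=, ...
    re.IGNORECASE,
)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the value stops changing (bounded), so that a
    double-encoded payload such as %253Cscript%253E is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def set_type_values(request: str) -> list[str]:
    """Return all decoded set_type values from a request line such as
    'GET /?set_type=x HTTP/1.1'. parse_qs removes one encoding layer;
    decode_fully removes any further layers."""
    parts = request.split()
    target = parts[1] if len(parts) >= 2 else parts[0]
    query = urlsplit(target).query
    raw = parse_qs(query, keep_blank_values=True).get("set_type", [])
    return [decode_fully(v) for v in raw]


def scan_log(lines):
    """Return one finding per request whose decoded set_type value carries an XSS marker."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than crash
        for value in set_type_values(m["req"]):
            hit = XSS_MARKERS.search(value)
            if hit:
                findings.append({
                    "ip": m["ip"],
                    "time": m["ts"],
                    "set_type": value,
                    "marker": hit.group(0),
                    "referer": m["referer"],
                })
    return findings


def naive_match(line: str) -> bool:
    """The literal-string test a simple SIEM query performs. It misses
    URL-encoded payloads, which is how browsers transmit them."""
    return "set_type=" in line and ("<script>" in line or "javascript:" in line)


# Constructed sample log (not real traffic). Line 1 is benign; lines 2-4 are
# single-encoded, double-encoded and javascript:-scheme payloads; line 5 is unrelated.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Dec/2024:10:01:02 +0000] "GET /?set_type=global HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2024:10:02:15 +0000] "GET /?set_type=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E HTTP/1.1" 200 5300 "https://phish.example/lure" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2024:10:02:40 +0000] "GET /?set_type=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Dec/2024:10:03:01 +0000] "GET /?set_type=javascript%3Aalert(1) HTTP/1.1" 200 5300 "-" "curl/8.0"',
    '203.0.113.11 - - [10/Dec/2024:10:04:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} set_type={f['set_type']!r} marker={f['marker']!r} referer={f['referer']}")
    print("literal SIEM query would flag:", sum(naive_match(l) for l in SAMPLE_LOG), "of", len(SAMPLE_LOG))
```

Against the sample, scan_log reports the three payload requests (including the double-encoded one) while naive_match flags nothing, because no raw line contains a literal '<script>' or 'javascript:'. The external Referer on the second finding is the phishing page that delivered the link and is worth pivoting on in the rest of the logs.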