CVE-2024-12384 – The Binary MLM Woocommerce WordPress plugin con... (How to Fix)

Q: What is the severity of CVE-2024-12384?

CVE-2024-12384 has a CVSS score of 6.1 (MEDIUM). The Binary MLM Woocommerce WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability in the 'page' parameter that allows unauthenticated attackers to inject malicious scripts. When a user clicks a specially crafted link, the script executes in their browser context, potentially stealing session cookies or performing unauthorized actions. All WordPress sites using this plugin up to version 2.0 are affected.

📋 TL;DR

The Binary MLM Woocommerce WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability in the 'page' parameter that allows unauthenticated attackers to inject malicious scripts. When a user clicks a specially crafted link, the script executes in their browser context, potentially stealing session cookies or performing unauthorized actions. All WordPress sites using this plugin up to version 2.0 are affected.

💻 Affected Systems

Products:

Binary MLM Woocommerce WordPress Plugin

Versions: All versions up to and including 2.0

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in multiple admin files: payout-report.php and register-first-user.php. Requires the plugin to be installed and activated.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers steal administrator session cookies, gain full control of the WordPress site, install backdoors, deface the site, or steal sensitive customer data from the e-commerce platform.

🟠

Likely Case

Attackers steal user session cookies to hijack accounts, redirect users to malicious sites, or perform limited actions within the user's privilege level.

🟢

If Mitigated

Script execution is blocked by modern browser XSS protections or Content Security Policy headers, limiting impact to basic phishing attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Reflected XSS vulnerabilities are commonly weaponized in phishing campaigns. No public exploit code is required as the vulnerability is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/woo-binary-mlm

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Binary MLM Woocommerce'. 4. Click 'Update Now' if update is available. 5. If no update appears, manually download version 2.1+ from WordPress repository and replace plugin files.

🔧 Temporary Workarounds

Implement Web Application Firewall (WAF)

all

Configure WAF rules to block XSS payloads in URL parameters

Add Content Security Policy Header

linux

Implement CSP to restrict script execution sources

Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to .htaccess for Apache or nginx.conf for Nginx

🧯 If You Can't Patch

Disable the Binary MLM Woocommerce plugin immediately
Restrict access to admin pages using IP whitelisting or authentication requirements

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'Binary MLM Woocommerce' version. If version is 2.0 or lower, you are vulnerable.

Check Version:

wp plugin list --name='binary-mlm-woocommerce' --field=version (if WP-CLI installed)

Verify Fix Applied:

After updating, verify plugin version shows 2.1 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual GET requests with script tags in 'page' parameter
Multiple failed login attempts following suspicious URL accesses
Admin pages accessed with encoded JavaScript in URL parameters

Network Indicators:

HTTP requests containing <script>, javascript:, or encoded XSS payloads in URL parameters
Outbound connections to suspicious domains following admin page access

SIEM Query:

source="web_server_logs" AND (uri="*page=*<script>*" OR uri="*page=*javascript:*" OR uri="*page=*%3Cscript%3E*")

📊 Metadata

CVE ID: CVE-2024-12384

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 1.24% exploit probability (78.9th percentile)

Published: January 7, 2025

Last Updated: January 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12384, you might also want to check these: