CVE-2024-12770

4.8 MEDIUM

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in the WP ULike WordPress plugin allows administrator-level users to inject malicious scripts into plugin settings; the scripts then execute in the browsers of other users who view the affected pages. It affects WordPress sites running WP ULike versions before 4.7.6, particularly in multisite configurations, where administrators normally lack the unfiltered_html capability and are therefore not expected to be able to store script in settings.

💻 Affected Systems

Products:
  • WP ULike WordPress Plugin
Versions: All versions before 4.7.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator or high-privilege user access. More impactful in WordPress multisite installations where unfiltered_html is disabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account compromise leading to site takeover, credential theft from users, or malware distribution to visitors.

🟠 Likely Case

Limited XSS attacks affecting logged-in users, potential session hijacking, or defacement of plugin-related pages.

🟢 If Mitigated

No impact if proper input validation and output escaping are implemented, or if the plugin is updated.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator (or similarly high-privilege) access; the attack vector is the plugin settings interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.7.6

Vendor Advisory: https://wpscan.com/vulnerability/e21f6a4e-f385-411b-8d91-0f38f9e6cdd3/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the WP ULike plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 4.7.6+ from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation
  • Applies to: all
  • Disable the WP ULike plugin until patched

Restrict Admin Access
  • Applies to: all
  • Limit administrative accounts to trusted users only

🧯 If You Can't Patch

  • Implement strict access controls for administrative accounts
  • Enable WordPress security plugins with XSS protection features

🔍 How to Verify

Check if Vulnerable:

Check WP ULike plugin version in WordPress admin panel under Plugins > Installed Plugins

Check Version:

wp plugin list --name=wp-ulike --field=version

Verify Fix Applied:

Confirm plugin version is 4.7.6 or higher after update
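The following is an added example (not code from the advisory or from the WP ULike project): a POSIX shell helper that takes the version string returned by the wp-cli command above and classifies the installation as VULNERABLE, FIXED or NOT-INSTALLED against the patch version 4.7.6. The numeric comparison is implemented in plain sh so it does not depend on GNU sort -V; the --live flag and the treatment of an empty wp-cli result as "not installed" are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the advisory or from WP ULike: classify an
# installed WP ULike version against the fixed release for CVE-2024-12770.

FIXED_VERSION="4.7.6"

# version_lt A B: succeed (exit 0) when dot-separated version A is lower than B.
# Components are compared numerically; a pre-release suffix such as "-beta1"
# is stripped, and missing trailing components count as 0 (so "4.7" < "4.7.6").
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"
        ah="${ah%%[!0-9]*}"; bh="${bh%%[!0-9]*}"
        ah="${ah:-0}"; bh="${bh:-0}"
        if [ "$ah" -lt "$bh" ]; then return 0; fi
        if [ "$ah" -gt "$bh" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1   # versions are equal, so A is not lower than B
}

# assess_wp_ulike VERSION: print VULNERABLE, FIXED or NOT-INSTALLED.
# An empty string is treated as "plugin absent", which is what
#   wp plugin list --name=wp-ulike --field=version
# yields when no such plugin is installed (assumption of this example).
assess_wp_ulike() {
    v=$(printf '%s' "$1" | tr -d '[:space:]')
    if [ -z "$v" ]; then
        echo "NOT-INSTALLED"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE"
    else
        echo "FIXED"
    fi
}

# Live check against the current site. It only runs when the script is invoked
# with --live (a flag assumed for this example), so the functions above can be
# sourced into other scripts without side effects.
if [ "${1:-}" = "--live" ]; then
    installed=$(wp plugin list --name=wp-ulike --field=version 2>/dev/null || true)
    status=$(assess_wp_ulike "$installed")
    echo "wp-ulike version '${installed:-none}': $status (fixed in $FIXED_VERSION)"
    [ "$status" != "VULNERABLE" ] || exit 2
fi
```

Run it from the WordPress root as "sh check-wp-ulike.sh --live"; a non-zero exit on a vulnerable version makes it usable as a gate in a configuration-check job.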

📡 Detection & Monitoring

Log Indicators:

  • Unusual modifications to plugin settings, especially values containing HTML or script
  • Unexpected administrative activity, such as settings changes by accounts that do not normally edit plugin configuration

Network Indicators:

  • Requests to WP ULike settings endpoints whose parameters contain script tags or event-handler attributes

SIEM Query:

source="wordpress" AND (event="plugin_edit" OR event="settings_update") AND plugin="wp-ulike"

🔗 References
