CVE-2024-13352
📋 TL;DR
The Legull WordPress plugin through version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability: a request parameter is echoed into the page without sanitisation or output escaping. An attacker who gets a logged-in user, such as an administrator, to open a crafted link can run script in that user's browser in the context of the site. WordPress sites running Legull 1.2.2 or earlier are affected.
💻 Affected Systems
- Legull WordPress Plugin
📦 What is this software?
Legull by Alwayscurious
⚠️ Risk & Real-World Impact
Worst Case
An attacker could steal administrator session cookies, perform actions as the administrator (like installing backdoors or creating new admin accounts), or redirect users to malicious sites.
Likely Case
Attackers would typically use this to steal session cookies or credentials from administrators who click on crafted malicious links.
If Mitigated
A WAF rule that blocks script-like payloads in query strings reduces the exposure to blocked and logged probe attempts. Such rules can be bypassed with encoding tricks, so they buy time rather than replace the update.
🎯 Exploit Status
Exploitation requires crafting a malicious URL and persuading a logged-in high-privilege user to open it, typically by social engineering. No authentication is needed to reach the vulnerable endpoint; the impact is bounded by the privileges of the victim whose browser runs the payload.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: a release later than 1.2.2 (the exact fixed version is not stated on this page; see the vendor advisory)
Vendor Advisory: https://wpscan.com/vulnerability/2c141cc0-f79e-42bd-97a6-98829647104c/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Legull plugin and update it to the latest version.
4. If no update is available, deactivate and remove the plugin.
🔧 Temporary Workarounds
Web Application Firewall Rule
Implement WAF rules that block script-like payloads (tag openers, javascript: URLs, on*= event handlers) in query parameters, matching on the URL-decoded value so that %3Cscript%3E is caught as well as <script>.
Input Validation Filter
Add a custom sanitisation pass over query parameters from a must-use plugin. Note that the 'query_vars' filter only lists the names of public query variables and never sees their values, so hook 'init' instead. This stopgap handles flat parameters only, and sanitize_text_field strips tags but does not escape quotes, so it reduces rather than removes the exposure:
function sanitize_legull_params() { $_GET = array_map('sanitize_text_field', $_GET); }
add_action('init', 'sanitize_legull_params');
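A fuller version of the stopgap above, written for this page as an added example (it is not Legull code or a vendor-supplied patch). It assumes the site loads files from wp-content/mu-plugins/ and that no legitimate feature passes raw HTML through the query string; because the advisory does not name the vulnerable parameter, every GET parameter is checked. Unlike a sanitise-only pass, it refuses requests whose values look like a payload, which also covers attribute-context injections that tag stripping alone would let through:

```php
<?php
/**
 * Plugin Name: Legull XSS stopgap (added example for this page, not vendor code)
 * Description: Strips markup from query-string parameters and refuses requests
 *              that carry script-like payloads, as a temporary measure until
 *              Legull is updated past 1.2.2. Place in wp-content/mu-plugins/.
 */

if (!defined('ABSPATH')) {
    exit;
}

// Assumption: the advisory does not name the vulnerable parameter, so every
// GET parameter is treated alike, and no feature on the site is expected to
// accept raw HTML through the query string.

/**
 * Heuristic for a reflected-XSS payload: an opening tag, a javascript: URL,
 * or an inline event handler such as onerror=. Runs on the value PHP has
 * already URL-decoded into $_GET, so %3Cscript%3E is caught as well.
 */
function legull_stopgap_looks_malicious($value) {
    if (is_array($value)) {
        foreach ($value as $item) {
            if (legull_stopgap_looks_malicious($item)) {
                return true;
            }
        }
        return false;
    }
    return (bool) preg_match('/<[a-z\/!]|javascript\s*:|\bon[a-z]+\s*=/i', (string) $value);
}

/**
 * Strip tags and control characters, recursing into array parameters such as
 * ?ids[]=1&ids[]=2 (a plain array_map over $_GET would turn those into the
 * string "Array"). Values stay slashed, as WordPress core expects at this point.
 */
function legull_stopgap_sanitize($value) {
    if (is_array($value)) {
        return array_map('legull_stopgap_sanitize', $value);
    }
    return sanitize_text_field((string) $value);
}

function legull_stopgap_guard() {
    foreach ($_GET as $name => $value) {
        if (legull_stopgap_looks_malicious($value)) {
            // Leave a trace for the detection queries, then stop the request before
            // any plugin can echo the value back into a page.
            error_log(sprintf('legull-stopgap: blocked parameter "%s" from %s',
                $name, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown'));
            wp_die('Bad request', 'Bad request', array('response' => 400));
        }
        // Plugins may read either superglobal, so keep both in step.
        $_GET[$name] = legull_stopgap_sanitize($value);
        if (isset($_REQUEST[$name])) {
            $_REQUEST[$name] = $_GET[$name];
        }
    }
}
// Priority 0 runs before ordinary plugin init callbacks (default priority 10).
add_action('init', 'legull_stopgap_guard', 0);
```

Remove the file once Legull is updated past 1.2.2. The payload heuristic is the same one a WAF rule would use and can produce false positives on unusual search terms (any value containing "on...=" or a literal "<"), so test it on a staging copy before enabling it on a production site.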
🧯 If You Can't Patch
- Disable or remove the Legull plugin completely
- Deploy a Content Security Policy that disallows inline scripts (a script-src without 'unsafe-inline', using nonces or hashes) so a reflected payload cannot execute; note that wp-admin relies heavily on inline scripts, so such a policy needs testing in report-only mode before it is enforced there
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Legull version 1.2.2 or earlier
Check Version:
wp plugin list --name=legull --field=version
Verify Fix Applied:
Verify Legull plugin version is higher than 1.2.2 in WordPress admin
📡 Detection & Monitoring
Log Indicators:
- Query strings containing tag openers, javascript: URLs or on*= event handlers in web server access logs, in either literal or percent-encoded form (e.g. %3Cscript)
- Bursts of such requests from a single client, or the corresponding WAF block events, which indicate active probing
Network Indicators:
- HTTP requests with suspicious parameters containing <script> tags or JavaScript code
SIEM Query:
source="wordpress.log" AND ("<script" OR "%3Cscript" OR "javascript:" OR "javascript%3A" OR "onerror=" OR "onerror%3D" OR "onload=" OR "onload%3D")
Where the SIEM offers a URL-decoded request field, run the query over that field instead; the percent-encoded terms above are only a partial substitute for decoding, since payloads can be encoded in other ways (mixed case, double encoding).
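Literal string matching misses payloads the browser percent-encodes before they reach the log, so <script> typically appears as %3Cscript%3E. The following added example (not from the plugin or any SIEM vendor) decodes the query string of each access log line before applying the same heuristic as a WAF rule. The log lines are constructed for this example, and the parameter name p is arbitrary because the advisory does not name the vulnerable parameter:

```php
<?php
// Added example: scan combined-format access logs for reflected-XSS probes,
// decoding the query string first so percent-encoded payloads are not missed.
// The sample lines are constructed for this example; "p" is an arbitrary
// parameter name, not the one used by the vulnerable plugin.

$sample_log = array(
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /?p=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "GET /?p=%22%20onerror%3Dalert(document.cookie)%20x%3D%22 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:10:00:03 +0000] "GET /wp-admin/admin.php?page=legull HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2025:10:00:04 +0000] "GET /?s=javascript+security+notes HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
);

/**
 * Pull the request target out of a combined-format log line and return its
 * query string with percent-encoding and '+' resolved, or null when absent.
 */
function xss_probe_decoded_query($line) {
    if (!preg_match('/"(?:GET|POST|HEAD) ([^ "]+) HTTP\/[0-9.]+"/', $line, $m)) {
        return null;
    }
    $query = parse_url($m[1], PHP_URL_QUERY);
    if ($query === null || $query === false) {
        return null;
    }
    // Decode twice: attackers sometimes double-encode to slip past naive rules.
    return urldecode(urldecode($query));
}

/**
 * Same heuristic a WAF rule would use: an opening tag, a javascript: URL,
 * or an inline event handler such as onerror= / onload=.
 */
function xss_probe_matches($decoded_query) {
    return (bool) preg_match('/<[a-z\/!]|javascript\s*:|\bon[a-z]+\s*=/i', $decoded_query);
}

/**
 * Return the decoded suspicious queries keyed by client IP, so a burst from
 * one source stands out in the result.
 */
function xss_probe_scan(array $lines) {
    $hits = array();
    foreach ($lines as $line) {
        $decoded = xss_probe_decoded_query($line);
        if ($decoded !== null && xss_probe_matches($decoded)) {
            $ip = strtok($line, ' ');
            $hits[$ip][] = $decoded;
        }
    }
    return $hits;
}

// Lines 1 and 2 are flagged (the literal SIEM terms would miss both); the
// admin page load and the search for "javascript security notes" are not.
foreach (xss_probe_scan($sample_log) as $ip => $queries) {
    printf("%s: %d suspicious request(s)\n", $ip, count($queries));
    foreach ($queries as $q) {
        echo "  ", $q, "\n";
    }
}
```

To run it against a real log, replace $sample_log with file('/var/log/nginx/access.log', FILE_IGNORE_NEW_LINES) or stream the file line by line; the regex is deliberately the same as the one a request-time guard would use, so a hit here and a WAF block event can be correlated directly.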