CVE-2024-13379
📋 TL;DR
The C9 Admin Dashboard WordPress plugin, in all versions up to and including 1.3.5, lets authenticated users with Author-level access or higher upload SVG files to the media library without sanitizing them. An SVG is an XML document and can carry script elements and on* event-handler attributes, so when another user opens such a file directly in the browser (its media-library URL, or via an iframe, object or embed element; an img tag never runs scripts), the embedded JavaScript executes in the site's origin. This is a stored (persistent) cross-site scripting vulnerability.
💻 Affected Systems
- C9 Admin Dashboard WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
If an administrator opens a malicious SVG, the attacker's script runs with the administrator's logged-in session and nonces and can create a new administrator account, install a plugin or edit theme files through wp-admin or the REST API, turning the stored XSS into full site compromise. Other users who open the file can have their sessions abused, be redirected to attacker-controlled sites or be shown defaced content.
Likely Case
An attacker holding (or having stolen) an Author account uploads an SVG whose script runs whenever another user opens the file, and uses that user's context to read data or perform actions on their behalf. WordPress authentication cookies are HttpOnly, so document.cookie does not expose them; the practical payload makes authenticated requests as the victim rather than stealing the cookie itself.
If Mitigated
If SVG uploads are disabled, or uploaded SVGs are served with a Content-Security-Policy response header such as sandbox or script-src 'none' (or with Content-Disposition: attachment, so browsers download rather than render them), the script either never reaches the server or cannot execute in the site's origin, and the issue reduces to an inert file on disk.
🎯 Exploit Status
Exploitation requires valid Author-level (or higher) credentials but is otherwise trivial: upload an SVG containing a script element or an on* event handler through the normal media uploader, then get a privileged user to open the file's URL. No special tooling is involved, and the payload persists until the file is removed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.6 or later
Vendor Advisory: https://wordpress.org/plugins/c9-admin-dashboard/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find C9 Admin Dashboard
4. Click 'Update Now' if available
5. If no update appears, manually download version 1.3.6+ from WordPress.org
6. Deactivate old version, upload new version, activate
🔧 Temporary Workarounds
Disable SVG Uploads
Prevent SVG file uploads through the WordPress media library
Add to wp-config.php: define('ALLOW_UNFILTERED_UPLOADS', false); (false is the default; this only matters if the constant had been set to true elsewhere, and it affects only roles holding the unfiltered_upload capability, so on its own it does not block the Author path)
Add to a must-use plugin (wp-content/mu-plugins/) rather than the theme's functions.php, which is overwritten on theme updates, and register it at the highest priority so it runs after any plugin that re-adds SVG through the same upload_mimes filter: add_filter('upload_mimes', function($mimes) { foreach ($mimes as $ext => $type) { if (stripos($ext, 'svg') !== false) { unset($mimes[$ext]); } } return $mimes; }, PHP_INT_MAX);
Restrict Author Role Access
Temporarily remove upload capabilities from the Author role
Use a plugin such as 'User Role Editor' to remove the 'upload_files' capability from the Author role; note that this blocks all media uploads by Authors, not just SVGs, and that the change is persisted in the database, so restore it once the plugin is updated
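The two workarounds above can be combined in one must-use plugin so they survive theme updates and cannot be switched off from the dashboard. This is an added example written for this page, not code from the C9 Admin Dashboard plugin or its vendor; it assumes PHP 8 and a standard single-site WordPress install, and relies only on the WordPress core filters upload_mimes, wp_handle_upload_prefilter and user_has_cap.

```php
<?php
/**
 * Plugin Name: Block SVG uploads (temporary CVE-2024-13379 workaround)
 *
 * Added example, not code from the C9 Admin Dashboard plugin. Save as
 * wp-content/mu-plugins/block-svg-uploads.php (top level of mu-plugins, not a
 * subdirectory). Remove it once the plugin is updated to 1.3.6 or later.
 */

// 1. Primary control: strip every SVG entry from the allowed MIME list.
//    PHP_INT_MAX priority makes this run after any plugin that re-adds SVG.
add_filter( 'upload_mimes', function ( array $mimes ) {
    foreach ( $mimes as $ext => $type ) {
        // Keys look like 'svg', 'svgz' or 'svg|svgz'; values like 'image/svg+xml'.
        if ( preg_match( '/\bsvgz?\b/i', $ext ) || stripos( $type, 'svg' ) !== false ) {
            unset( $mimes[ $ext ] );
        }
    }
    return $mimes;
}, PHP_INT_MAX );

// 2. Belt and braces: reject any upload whose *content* is an SVG document, even
//    if it arrives under a .png or .txt name. Setting $file['error'] to a string
//    makes wp_handle_upload() abort with that message.
add_filter( 'wp_handle_upload_prefilter', function ( array $file ) {
    if ( empty( $file['tmp_name'] ) || ! is_readable( $file['tmp_name'] ) ) {
        return $file;
    }
    $head = (string) file_get_contents( $file['tmp_name'], false, null, 0, 4096 );
    if ( substr( $head, 0, 2 ) === "\x1f\x8b" ) {            // gzip magic: possible .svgz
        $decoded = @gzdecode( (string) file_get_contents( $file['tmp_name'] ) );
        $head    = is_string( $decoded ) ? substr( $decoded, 0, 4096 ) : $head;
    }
    if ( preg_match( '/<svg[\s>]/i', $head ) ) {
        $file['error'] = 'SVG uploads are disabled on this site (CVE-2024-13379 workaround).';
    }
    return $file;
} );

// 3. Optional: deny upload_files to the Author role for the duration of each
//    request. Nothing is written to the stored role definitions, so deleting this
//    file restores normal behaviour.
add_filter( 'user_has_cap', function ( array $allcaps, array $caps, array $args, WP_User $user ) {
    if ( in_array( 'author', (array) $user->roles, true ) ) {
        $allcaps['upload_files'] = false;
    }
    return $allcaps;
}, 10, 4 );
```

The MIME-list filter is what actually closes the upload path; the content prefilter catches an SVG renamed to another extension, and the capability filter makes Author uploads fail outright without the database change that a role-editor plugin makes. Both the media uploader (async-upload.php / media-new.php) and the REST media endpoint go through wp_handle_upload(), so all three hooks apply to every upload route.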
🧯 If You Can't Patch
- Deactivate the C9 Admin Dashboard plugin until it can be updated; with the plugin inactive, WordPress core's default MIME list does not accept SVG (unless another plugin adds it)
- Configure the web server, not WordPress, to send Content-Security-Policy: sandbox (or script-src 'none') and/or Content-Disposition: attachment on responses for .svg files under /wp-content/uploads/. A CSP set on the site's HTML pages does not help here: the script runs inside the SVG document, so only headers on the response that serves the SVG apply
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → C9 Admin Dashboard → Version. If version is 1.3.5 or lower, you are vulnerable.
Check Version:
wp plugin list --name=c9-admin-dashboard --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 1.3.6 or higher on the WordPress admin plugins page, then confirm behaviourally: log in as a test Author-level user and upload a small SVG containing a script element; the upload should be rejected or the stored file should no longer contain the script.
📡 Detection & Monitoring
Log Indicators:
- SVG files uploaded by Author-level users, especially accounts that have never uploaded media before or that upload shortly after being created
- A burst of failed logins against an Author account followed by a successful login and an SVG upload (credential stuffing into a low-privilege account)
- SVG files in wp-content/uploads whose content contains script elements, on* event attributes or javascript: URLs; WordPress core does not inspect SVG content, so this requires scanning the uploads directory directly
Network Indicators:
- POST requests to /wp-admin/async-upload.php, /wp-admin/media-new.php or /wp-json/wp/v2/media from Author accounts carrying a .svg filename
- GET requests for .svg files under /wp-content/uploads/ made as top-level navigations (Sec-Fetch-Dest: document, or an Accept header preferring text/html) rather than as image sub-resources; a script inside an SVG only runs when the file is opened as a document, never via an img tag
- SVG files whose size is out of proportion to an icon or logo
SIEM Query (pseudo-syntax; assumes an audit-log plugin records upload events with the acting user's role, which WordPress core does not do by itself):
source="wordpress.log" AND action="upload" AND file="*.svg" AND user_role="author"
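Patching stops new uploads but does nothing about SVGs an attacker may already have placed in the media library. The audit script below walks wp-content/uploads and reports every file that parses as SVG and carries active content (script or foreignObject elements, on* event attributes, javascript: or non-image data: hrefs). It is an added example for this section, not part of the plugin or of WordPress; it assumes PHP 8 with the dom and zlib extensions and judges files by content rather than extension. The two embedded SVG strings are constructed samples for a dry run, not real uploads.

```php
<?php
/**
 * svg-audit.php: find already-uploaded SVG files that carry active content.
 * Added example for this advisory, not part of the C9 Admin Dashboard plugin.
 * Usage: php svg-audit.php /var/www/html/wp-content/uploads
 * With no argument it scans the two constructed samples embedded below.
 */

/** Return a list of findings for one SVG document (empty array = nothing active). */
function svg_findings( string $data ): array {
    if ( substr( $data, 0, 2 ) === "\x1f\x8b" ) {              // gzip magic: .svgz
        $decoded = @gzdecode( $data );
        if ( is_string( $decoded ) ) { $data = $decoded; }
    }
    $findings = [];
    $prev = libxml_use_internal_errors( true );
    $dom  = new DOMDocument();
    // LIBXML_NONET: never fetch external DTDs or entities while parsing untrusted XML.
    $ok   = $dom->loadXML( $data, LIBXML_NONET | LIBXML_NOWARNING | LIBXML_NOERROR );
    libxml_clear_errors();
    libxml_use_internal_errors( $prev );
    if ( ! $ok ) {
        // Not well-formed XML: fall back to a crude text search so nothing is skipped.
        if ( preg_match( '/<script|\son[a-z]+\s*=|javascript:/i', $data ) ) {
            $findings[] = 'malformed XML with script-like content';
        }
        return $findings;
    }
    foreach ( $dom->getElementsByTagName( '*' ) as $el ) {
        $name = strtolower( $el->localName );
        if ( in_array( $name, [ 'script', 'foreignobject', 'iframe', 'embed', 'object' ], true ) ) {
            $findings[] = "<$name> element";
        }
        foreach ( $el->attributes as $attr ) {
            $aname = strtolower( $attr->localName );         // xlink:href -> href
            $value = trim( $attr->value );
            if ( str_starts_with( $aname, 'on' ) ) {                       // onload=, onclick=, onbegin=...
                $findings[] = "<$name $aname=...> event handler";
            } elseif ( in_array( $aname, [ 'href', 'src' ], true )
                       && preg_match( '#^(javascript:|data:(?!image/))#i', $value ) ) {
                $findings[] = "<$name $aname=\"" . substr( $value, 0, 20 ) . "...\">";
            }
        }
    }
    return array_values( array_unique( $findings ) );
}

/** Walk $dir and report any file, whatever its extension, that is an SVG with findings. */
function scan_uploads( string $dir ): array {
    $report = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $dir, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $it as $path => $info ) {
        if ( ! $info->isFile() ) { continue; }
        $data = (string) file_get_contents( $path, false, null, 0, 2 * 1024 * 1024 );
        if ( stripos( $data, '<svg' ) === false && substr( $data, 0, 2 ) !== "\x1f\x8b" ) { continue; }
        $hits = svg_findings( $data );
        if ( $hits ) { $report[ $path ] = $hits; }
    }
    return $report;
}

// Constructed samples (not real uploads): an inert icon and one carrying the kind
// of payload this advisory describes.
const BENIGN_SVG    = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>';
const MALICIOUS_SVG = '<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">'
                    . '<script>fetch("/wp-json/wp/v2/users/me")</script><a xlink:href="javascript:alert(1)"><text y="10">x</text></a></svg>';

if ( PHP_SAPI === 'cli' && realpath( $argv[0] ?? '' ) === __FILE__ ) {
    $report = isset( $argv[1] )
        ? scan_uploads( $argv[1] )
        : [ 'benign.svg' => svg_findings( BENIGN_SVG ), 'evil.svg' => svg_findings( MALICIOUS_SVG ) ];
    foreach ( $report as $file => $hits ) {
        echo $file, ': ', $hits ? implode( '; ', $hits ) : 'clean', PHP_EOL;
    }
}
```

Run it against the uploads directory and review every reported file: delete it from the media library (which also removes the file from disk) or replace it with a copy that has the script stripped, and check the media library's author column to see which account uploaded it. The dry run with no argument prints benign.svg as clean and three findings for evil.svg (the onload handler, the script element and the javascript: link). data: URLs are only flagged when they are not data:image/..., because exported SVGs commonly embed raster images that way.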
🔗 References
- https://plugins.trac.wordpress.org/browser/c9-admin-dashboard/trunk/c9-admin.php#L51
- https://plugins.trac.wordpress.org/browser/c9-admin-dashboard/trunk/c9-admin.php#L59
- https://wordpress.org/plugins/c9-admin-dashboard/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/88f4af1b-5e3c-4129-93c3-4f368bd2b0db?source=cve