CVE-2024-13458
📋 TL;DR
This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious JavaScript into pages using the plugin's 'noticefaq' shortcode. The injected scripts execute whenever users view the compromised pages, enabling session hijacking, defacement, or malware distribution. All WordPress sites using the SEO Friendly Accordion FAQ plugin versions 2.2.1 and earlier are affected.
💻 Affected Systems
- WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, install backdoors, redirect visitors to malicious sites, or use the site as a malware distribution platform.
Likely Case
Attackers with contributor access inject malicious scripts to steal user session cookies, redirect users to phishing pages, or display unwanted advertisements.
If Mitigated
With proper user access controls and content moderation, the impact is limited to potential defacement of specific pages containing the shortcode.
🎯 Exploit Status
Exploitation requires authenticated access (contributor or higher) and knowledge of WordPress shortcode usage. The vulnerability is well-documented with public proof-of-concept examples.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.2 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/notice-faq/trunk/noticefaq.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'SEO Friendly Accordion FAQ with AI assisted content generation'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 2.2.2+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable the plugin
Temporarily deactivate the vulnerable plugin until patched
wp plugin deactivate notice-faq
Remove contributor shortcode permissions
Modify user roles to prevent contributors from using shortcodes
🧯 If You Can't Patch
- Implement strict user access controls - limit contributor accounts to trusted users only
- Deploy a Content Security Policy (CSP) header on the site to restrict which scripts pages may execute; this limits the impact of injected markup but does not remove the injection itself
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → SEO Friendly Accordion FAQ version. If version is 2.2.1 or earlier, you are vulnerable.
Check Version:
wp plugin get notice-faq --field=version
Verify Fix Applied:
After updating, verify plugin version shows 2.2.2 or later in WordPress admin plugins page.
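The version check above can be scripted against the same wp-cli command. The following is an added example, not part of the advisory: it runs `wp plugin get notice-faq --field=version` (assumed to be run from the site root with wp-cli on PATH) and compares the result numerically, because a plain string comparison would wrongly rank a hypothetical 2.2.10 below 2.2.2.

```python
"""Added example (not from the advisory): decide whether the installed
notice-faq plugin version falls in the affected range (2.2.1 and earlier).

Assumptions: wp-cli is on PATH and the working directory is the WordPress
site root, as the advisory's `wp plugin get notice-faq --field=version`
command expects.
"""
import re
import subprocess
from typing import Optional, Tuple

PLUGIN_SLUG = "notice-faq"   # slug used in the advisory's wp-cli commands
FIXED_VERSION = "2.2.2"      # first patched release per the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.2.1' (or '2.2.1-beta') into a tuple of ints for comparison.

    Only the leading dotted numeric part is used. A plain string compare
    would rank '2.2.10' below '2.2.2'; a tuple of ints does not.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the first fixed release."""
    return parse_version(installed) < parse_version(fixed)


def installed_version(slug: str = PLUGIN_SLUG) -> Optional[str]:
    """Ask wp-cli for the plugin version; None if wp-cli fails or the plugin is absent."""
    try:
        proc = subprocess.run(
            ["wp", "plugin", "get", slug, "--field=version"],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:       # wp-cli not installed on this host
        return None
    if proc.returncode != 0:
        return None
    return proc.stdout.strip()


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print(f"{PLUGIN_SLUG}: not installed, or wp-cli unavailable")
    elif is_vulnerable(version):
        print(f"{PLUGIN_SLUG} {version}: VULNERABLE, update to {FIXED_VERSION} or later")
    else:
        print(f"{PLUGIN_SLUG} {version}: patched")
```

Run it from the site root after updating; it reports "patched" only when the numeric version is 2.2.2 or higher.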
📡 Detection & Monitoring
Log Indicators:
- Unusual shortcode usage in post/page edits
- Multiple failed login attempts followed by successful contributor login
- Posts/pages with suspicious script tags in content
Network Indicators:
- Unexpected external JavaScript loads from WordPress pages
- Suspicious outbound connections after page views
SIEM Query:
source="wordpress" AND ((event="post_edit" AND content CONTAINS "noticefaq") OR (event="plugin_update" AND plugin="notice-faq"))
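For sites without a SIEM, the same two branches of that query can be applied offline to an activity log export. The following is an added example, not part of the advisory: it reads JSON-lines audit records (the field names `event`, `user`, `role`, `post_id`, `content`, `plugin` and `version` are constructed for this example; map them to whatever your activity-log plugin emits), flags `noticefaq` shortcodes whose attributes or body carry script-like markers, notes plain shortcode use by contributor-level roles as low-severity, and records updates of the notice-faq plugin. Content is entity-decoded before matching, since contributor content normally passes through kses and a payload may survive only in encoded form.

```python
"""Added example (not from the advisory): offline detection over constructed
WordPress audit-log records, mirroring the SIEM query in the advisory.

Assumptions: JSON-lines input with the constructed field names event, user,
role, post_id, content, plugin and version.
"""
import html
import json
import re
from typing import Dict, List, Optional

PLUGIN_SLUG = "notice-faq"
LOW_PRIV_ROLES = {"contributor", "author"}  # roles the advisory says can reach the shortcode

# A noticefaq shortcode, with or without an enclosed body.
SHORTCODE = re.compile(
    r"\[noticefaq\b(?P<attrs>[^\]]*)\](?P<body>.*?\[/noticefaq\])?",
    re.IGNORECASE | re.DOTALL,
)
# Markers that have no business inside a FAQ shortcode written by a
# contributor-level user. Deliberately broad; tune for your content.
SCRIPT_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|\bon[a-z]+\s*=|<\s*iframe|srcdoc\s*=",
    re.IGNORECASE,
)

# Constructed sample log lines (not real data).
SAMPLE_LOG = """
{"event": "post_edit", "user": "alice", "role": "contributor", "post_id": 41, "content": "[noticefaq title=\\"Shipping\\"]We ship worldwide.[/noticefaq]"}
{"event": "post_edit", "user": "mallory", "role": "contributor", "post_id": 42, "content": "[noticefaq title=\\"x\\" onmouseover=\\"alert(1)\\"]FAQ[/noticefaq]"}
{"event": "post_edit", "user": "mallory", "role": "contributor", "post_id": 43, "content": "[noticefaq title=\\"&lt;script&gt;alert(1)&lt;/script&gt;\\"]"}
{"event": "plugin_update", "user": "admin", "role": "administrator", "plugin": "notice-faq", "version": "2.2.2"}
{"event": "post_edit", "user": "bob", "role": "editor", "post_id": 44, "content": "<p>No shortcode here.</p>"}
"""


def classify_edit(role: str, content: str) -> Optional[str]:
    """Severity for one post_edit record, or None when there is nothing to flag."""
    decoded = html.unescape(content)  # expose entity-encoded payloads before matching
    matches = list(SHORTCODE.finditer(decoded))
    if not matches:
        return None
    for m in matches:
        fragment = m.group("attrs") + (m.group("body") or "")
        if SCRIPT_MARKERS.search(fragment):
            return "high"
    # Plain shortcode use is only noteworthy from the roles the advisory names.
    return "low" if role.lower() in LOW_PRIV_ROLES else None


def scan_log(lines: str) -> List[Dict[str, object]]:
    """Apply both branches of the advisory's query to JSON-lines records."""
    alerts: List[Dict[str, object]] = []
    for raw in lines.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        event = rec.get("event")
        if event == "plugin_update" and rec.get("plugin") == PLUGIN_SLUG:
            alerts.append({
                "severity": "info", "user": rec.get("user"), "post_id": None,
                "reason": f"{PLUGIN_SLUG} updated to {rec.get('version', '?')}",
            })
        elif event == "post_edit":
            severity = classify_edit(rec.get("role", ""), rec.get("content", ""))
            if severity:
                alerts.append({
                    "severity": severity, "user": rec.get("user"),
                    "post_id": rec.get("post_id"),
                    "reason": "script-like content in noticefaq shortcode"
                              if severity == "high" else
                              "noticefaq shortcode used by low-privilege role",
                })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"[{alert['severity']:<4}] user={alert['user']} post={alert['post_id']}: {alert['reason']}")
```

On the constructed sample this yields one low-severity note for post 41, high-severity alerts for posts 42 and 43 (the latter only because the content was entity-decoded first), and an info record for the plugin update; post 44 is ignored. The "low" tier corresponds to the advisory's "unusual shortcode usage" indicator and is worth reviewing after the patch as well, since content injected before the update remains stored in the database.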