CVE-2024-13461

6.4 MEDIUM

Cross-Site Scripting

📋 TL;DR

This stored XSS vulnerability in the Autoship Cloud for WooCommerce plugin allows authenticated attackers with contributor-level access or higher to inject malicious scripts into WordPress pages. When users visit compromised pages, the scripts execute in their browsers, potentially stealing session cookies or redirecting to malicious sites. All WordPress sites using this plugin up to version 2.8.0 are affected.

💻 Affected Systems

Products:

• Autoship Cloud for WooCommerce Subscription Products

Versions: All versions up to and including 2.8.0

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress with the vulnerable plugin installed and at least one user with contributor-level access.

📦 What is this software?

Autoship Cloud by Patternsinthecloud

View all CVEs affecting Autoship Cloud →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, take over WordPress sites, install backdoors, or redirect users to phishing/malware sites.

🟠

Likely Case

Attackers with contributor access inject malicious scripts that steal user session data or redirect to malicious content.

🟢

If Mitigated

With proper access controls and input validation, impact is limited to script execution in victim browsers without further system compromise.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is technically simple once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.1 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242136%40autoship-cloud&new=3242136%40autoship-cloud&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Autoship Cloud for WooCommerce Subscription Products'. 4. Click 'Update Now' if available. 5. Alternatively, download version 2.8.1+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Remove Contributor Access

all

Temporarily remove contributor-level access from untrusted users until patch is applied.

Disable Shortcode

all

Remove or disable the 'autoship-create-scheduled-order-action' shortcode from all posts/pages.

🧯 If You Can't Patch

• Implement strict user access controls and limit contributor privileges
• Deploy web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Copy

Check WordPress admin panel > Plugins > Installed Plugins for Autoship Cloud plugin version 2.8.0 or earlier.

Check Version:

Copy

wp plugin list --name='autoship-cloud' --field=version

Verify Fix Applied:

Copy

Verify plugin version is 2.8.1 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

• Unusual shortcode modifications in post/page edits
• Multiple failed login attempts followed by contributor account activity

Network Indicators:

• Suspicious JavaScript payloads in HTTP requests to WordPress admin

SIEM Query:

Copy

source="wordpress.log" AND ("autoship-create-scheduled-order-action" OR "autoship-cloud") AND ("script" OR "javascript" OR "onclick")

📊 Metadata

CVE ID: CVE-2024-13461

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.08% exploit probability (22.8th percentile)

Published: February 21, 2025

Last Updated: February 25, 2025

🔗 References

• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242136%40autoship-cloud&new=3242136%40autoship-cloud&sfp_email=&sfph_mail= Patch
• https://www.wordfence.com/threat-intel/vulnerabilities/id/0ae16c4e-0151-4414-8612-ec8eb92505fd?source=cve Third Party Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-13461, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)

CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)

CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)