CVE-2024-13469
📋 TL;DR
This vulnerability is a stored cross-site scripting (XSS) flaw: authenticated WordPress users with Contributor-level access or higher can place malicious script in the button link of a pricing table. The payload is saved with the table and runs in the browser of anyone who views a page that renders it, including editors and administrators. All sites running Pricing Table by PickPlugins up to and including version 1.12.10 are affected.
💻 Affected Systems
- Pricing Table by PickPlugins WordPress plugin, versions 1.12.10 and earlier
📦 What is this software?
Pricing Table by PickPlugins is a WordPress plugin for building pricing and comparison tables; it is published on wordpress.org under the slug pricingtable, which is also the name used by WP-CLI below.
⚠️ Risk & Real-World Impact
Worst Case
A script running in an administrator's browser can do anything that administrator can: create a new administrator account, install a plugin or edit theme files (any of which gives persistent server-side control), redirect visitors to malicious sites, or deliver malware to visitors' browsers. WordPress authentication cookies are set HttpOnly, so outright session-cookie theft is less likely than the script simply issuing authenticated requests with the victim's privileges.
Likely Case
A low-privileged account (a compromised or self-registered Contributor) stores a payload in a pricing table button link; it runs when other users, typically an editor or administrator reviewing the submission or any visitor once the page is published, view the affected page, stealing data or performing unauthorized actions in their session.
If Mitigated
With tight control over who holds Contributor-or-higher roles (including the site's self-registration setting) and review of contributor-submitted content before it reaches other users, the blast radius is limited to what a single compromised contributor account can expose.
🎯 Exploit Status
Exploitation requires an authenticated account with Contributor-level access or higher, but is otherwise trivial: the attacker only has to save a crafted value in the button link field. No special tooling is needed, and the victim needs only to view the affected page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.12.11 or later
Vendor Advisory: https://wordpress.org/plugins/pricingtable/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Pricing Table by PickPlugins' and click 'Update Now'.
4. Verify the plugin version is 1.12.11 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Pricing Table plugin until patched
wp plugin deactivate pricingtable
Restrict user roles
Temporarily remove Contributor-level access for untrusted users. Save the current Contributor IDs first so the roles can be restored after patching, and note that Author and Editor accounts can reach the same field, so this only narrows the attacker pool rather than closing the hole. (xargs needs -I{} here; without it, every ID is passed to a single wp user set-role call, which is not what you want.)
wp user list --role=contributor --field=ID > contributor-ids.txt
xargs -I{} wp user set-role {} subscriber < contributor-ids.txt
🧯 If You Can't Patch
- Implement strict content review process for all contributor submissions
- Add web application firewall rules that reject active URL schemes (javascript:, data:) and HTML markup in the pricing table button link field. The attacker is authenticated, so the rule must apply to the plugin's save request, not just anonymous traffic, and it should account for encoded variants (a javascript: scheme split by a tab, or spelled with HTML entities), since plain keyword blocklists are easy to bypass.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Pricing Table by PickPlugins → Version. If version is 1.12.10 or lower, you are vulnerable.
Check Version:
wp plugin get pricingtable --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 1.12.11 or higher in WordPress admin.
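The version check and the temporary workarounds above, combined into one script. This is an added example, not code from the advisory or from PickPlugins; it assumes WP-CLI is installed and is run from the WordPress root (or with --path), and that the fixed release is 1.12.11 as stated above. The version comparison is done in plain POSIX sh so it does not depend on sort -V.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin vendor): check the
# installed Pricing Table version against the fixed release and, when it is
# vulnerable, either update it or apply the temporary workarounds, recording
# which users were demoted so the change can be reversed after patching.
# Assumes WP-CLI is installed and the script runs from the WordPress root.

FIXED_VERSION=1.12.11
PLUGIN_SLUG=pricingtable   # slug from https://wordpress.org/plugins/pricingtable/

# version_lt A B: exit 0 when A < B, comparing up to three numeric components.
# Pre-release suffixes such as "1.12.11-beta" are ignored for the comparison.
version_lt() {
    left=${1%%[!0-9.]*}
    right=${2%%[!0-9.]*}
    oldifs=$IFS
    IFS=.
    set -- $left
    l1=${1:-0}; l2=${2:-0}; l3=${3:-0}
    set -- $right
    r1=${1:-0}; r2=${2:-0}; r3=${3:-0}
    IFS=$oldifs
    if [ "$l1" -ne "$r1" ]; then [ "$l1" -lt "$r1" ]; return; fi
    if [ "$l2" -ne "$r2" ]; then [ "$l2" -lt "$r2" ]; return; fi
    [ "$l3" -lt "$r3" ]
}

# is_vulnerable_version V: exit 0 when V is below the fixed release.
is_vulnerable_version() {
    version_lt "$1" "$FIXED_VERSION"
}

# Demote every Contributor to Subscriber, saving the IDs first so that
#   xargs -I{} wp user set-role {} contributor < contributor-ids.txt
# restores them after patching. Author and Editor accounts, which can also
# reach the vulnerable field, are deliberately left alone: review them by hand.
demote_contributors() {
    backup=${1:-contributor-ids.txt}
    wp user list --role=contributor --field=ID > "$backup"
    xargs -I{} wp user set-role {} subscriber < "$backup"
    echo "demoted $(wc -l < "$backup") contributor(s); IDs saved to $backup"
}

# check_and_mitigate [update|workaround]: exit 0 when patched, 1 when the
# installed version is vulnerable (after applying the chosen action),
# 2 when the plugin is not installed.
check_and_mitigate() {
    action=${1:-workaround}
    installed=$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null) || {
        echo "$PLUGIN_SLUG is not installed"; return 2; }
    if ! is_vulnerable_version "$installed"; then
        echo "OK: $PLUGIN_SLUG $installed >= $FIXED_VERSION"
        return 0
    fi
    echo "VULNERABLE: $PLUGIN_SLUG $installed < $FIXED_VERSION"
    if [ "$action" = update ]; then
        wp plugin update "$PLUGIN_SLUG"
        installed=$(wp plugin get "$PLUGIN_SLUG" --field=version)
        is_vulnerable_version "$installed" && return 1
        echo "OK: updated to $installed"
        return 0
    fi
    wp plugin deactivate "$PLUGIN_SLUG"
    demote_contributors
    return 1
}

# Only run the procedure when executed under this file name, so the functions
# can also be sourced into another script.
case "${0##*/}" in
    check-pricingtable.sh) check_and_mitigate "$@" ;;
esac
```

Save it as check-pricingtable.sh and run `sh check-pricingtable.sh update` on a site where you can patch immediately, or `sh check-pricingtable.sh` to apply the deactivate-and-demote workaround on one you cannot. The exit code makes it usable from a fleet-wide loop or a monitoring job.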
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-admin/admin-ajax.php with pricingtable parameters
- Multiple page edits by contributor accounts in short time
Network Indicators:
- Outbound connections to suspicious domains from your WordPress site
- Inline scripts, javascript: links or third-party script tags in rendered pricing tables that nobody on your team added
SIEM Query:
source="wordpress.log" AND ("pricingtable" OR "button_link") AND ("script" OR "javascript" OR "onclick")
Caveats: standard web-server access logs do not record POST bodies, so a query like this only returns anything if the source captures request bodies or content changes (a WordPress audit-log plugin, or database-level change logging). The field name button_link is illustrative; match it to what the plugin actually submits. Plain keyword matching also misses encoded variants (a javascript: scheme split by a tab, or written with HTML entities), so treat hits as a starting point, not a complete detection.
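Because a keyword query against logs is weak for this bug, the more reliable check is to pull the stored button link values out of the database and classify them. The following is an added example, not code from the advisory, from PickPlugins or from any SIEM vendor. The advisory does not say which post meta or option key holds the link, so the scanner takes an already-extracted list of (post_id, link) pairs (for instance from wp post meta list or a wp db query export) and the sample records are constructed here for illustration. It goes slightly beyond the text by handling the encodings an authenticated attacker would use to slip past a blocklist like the one in the query above.

```python
"""Added example (not from the advisory or the plugin): heuristic scan of
stored pricing-table button links for values that turn an href into a stored
XSS payload. Input is an extracted list of (post_id, link) pairs; the sample
records below are constructed, not taken from a real site."""
import html
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# URL schemes that execute code when used as an href target.
DANGEROUS_SCHEMES = ("javascript:", "data:", "vbscript:")

# A quote or whitespace followed by an on*= handler means the value has
# broken out of the href attribute, e.g.  https://x/" onmouseover="alert(1)
EVENT_HANDLER_RE = re.compile(r'["\'\s]on[a-z]+\s*=', re.IGNORECASE)


def decode_link(value: str) -> str:
    """Peel HTML-entity and percent encoding (a few layers deep) so that
    &#106;avascript: or %6Aavascript: compare equal to javascript:."""
    decoded = value
    for _ in range(3):
        nxt = unquote(html.unescape(decoded))
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def classify_link(value: str) -> Optional[str]:
    """Return a finding label for a stored button link, or None if benign."""
    decoded = decode_link(value)
    # Browsers ignore ASCII control characters and whitespace inside a URL
    # scheme, so "java\tscript:" navigates exactly like javascript:.
    probe = re.sub(r"[\x00-\x20]", "", decoded).lower()
    for scheme in DANGEROUS_SCHEMES:
        if probe.startswith(scheme):
            return "active-scheme:" + scheme.rstrip(":")
    if EVENT_HANDLER_RE.search(decoded):
        return "attribute-breakout"
    # Any markup in a link field deserves a look, even if it is a false alarm.
    if re.search(r"<\s*/?[a-z]", probe):
        return "html-injection"
    return None


def scan_button_links(records: List[Tuple[int, str]]) -> List[Tuple[int, str, str]]:
    """Return (post_id, link, finding) for every suspicious stored link."""
    findings = []
    for post_id, link in records:
        label = classify_link(link)
        if label:
            findings.append((post_id, link, label))
    return findings


# Constructed sample: what an export of stored button links might look like.
# 1xx are benign (including a URL containing "online=", which a sloppy
# on*= regex would flag); 2xx are payloads in the encodings attackers use.
SAMPLE_BUTTON_LINKS = [
    (101, "https://example.com/pricing/pro"),
    (102, "mailto:sales@example.com"),
    (103, "https://shop.example.com/online=1"),
    (201, "javascript:alert(document.domain)"),
    (202, "JaVaScRiPt:alert(1)"),
    (203, "java\tscript:alert(1)"),
    (204, "&#106;avascript:alert(1)"),
    (205, "%6Aavascript:alert(1)"),
    (206, "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="),
    (207, 'https://example.com/" onmouseover="alert(1)'),
    (208, 'https://example.com/#"><script>alert(1)</script>'),
]

if __name__ == "__main__":
    for post_id, link, label in scan_button_links(SAMPLE_BUTTON_LINKS):
        print(f"post {post_id}: {label}: {link!r}")
```

Run it against a real export and review every hit: the scheme and attribute-breakout findings are near-certain payloads, while html-injection hits may include legitimate but unusual URLs. Running the same scan after applying the 1.12.11 update also tells you whether an attacker already used the hole, since the patch stops new payloads from being stored but does not remove ones already in the database.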