CVE-2024-13624
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into WordPress admin pages via unsanitized parameters in the WPMovieLibrary plugin. When exploited, it enables cross-site scripting attacks that could compromise high-privilege user accounts like administrators. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- WPMovieLibrary WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, gain full control of the WordPress site, install backdoors, or redirect users to malicious sites.
Likely Case
Attackers would use this to steal admin credentials or session tokens, potentially gaining administrative access to the WordPress installation.
If Mitigated
With proper web application firewalls and input validation, the attack would be blocked before reaching the vulnerable plugin code.
🎯 Exploit Status
Exploitation requires tricking an authenticated user (preferably admin) to click a malicious link. The vulnerability is reflected XSS, meaning the payload executes immediately in the victim's browser.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.1.4.9 or later
Vendor Advisory: https://wpscan.com/vulnerability/c19b56cc-634f-420f-b6a0-9a10ad159049/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find WPMovieLibrary and click 'Update Now'.
4. Alternatively, download the latest version from the WordPress plugin repository and manually replace the plugin files.
🔧 Temporary Workarounds
Disable WPMovieLibrary Plugin
Temporarily disable the vulnerable plugin until it has been patched:
wp plugin deactivate wp-movie-library
Web Application Firewall Rule
Add a WAF rule that blocks requests whose parameter values contain script tags or other inline-script indicators.
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Use WordPress security plugins that include XSS protection features
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin, go to Plugins → Installed Plugins and read the WPMovieLibrary version. If the version is 2.1.4.8 or earlier, the site is vulnerable.
Check Version:
wp plugin list --name=wp-movie-library --field=version
Verify Fix Applied:
After updating, verify that the WPMovieLibrary version shown in the WordPress plugins list is 2.1.4.9 or later.
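The version check above can be scripted. The following is an added example, not part of the advisory or the plugin: it encodes the advisory's rule (2.1.4.8 or earlier is affected, 2.1.4.9 or later is fixed) and compares versions component by component, so that a release such as 2.1.4.10 is correctly treated as newer than 2.1.4.9, which a plain string comparison would get wrong. The plugin slug `wp-movie-library` is taken from the advisory's WP-CLI command; the WP-CLI call is optional and the comparison works on any version string you pass in.

```python
"""Decide whether an installed WPMovieLibrary version falls in the affected range.

Added example (not from the advisory). FIXED_VERSION and the plugin slug come
from the advisory; everything else is illustrative.
"""
import subprocess

FIXED_VERSION = "2.1.4.9"  # first fixed release, per the advisory


def parse_version(version):
    """Turn '2.1.4.8' into (2, 1, 4, 8) so versions compare numerically.

    Non-digit suffixes in a component are dropped; missing trailing components
    are padded with 0 so '2.1.4' and '2.1.4.0' compare equal.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(installed):
    """True when the installed version is older than the first fixed release."""
    return parse_version(installed) < parse_version(FIXED_VERSION)


def installed_version(slug="wp-movie-library"):
    """Ask WP-CLI for the plugin's version (the advisory's command).

    Returns None when WP-CLI is missing, the command fails, or the plugin is
    not installed, so callers can distinguish 'not found' from a version.
    """
    try:
        result = subprocess.run(
            ["wp", "plugin", "list", f"--name={slug}", "--field=version"],
            capture_output=True, text=True, check=True, timeout=30,
        )
    except (OSError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    version = result.stdout.strip()
    return version or None


if __name__ == "__main__":
    current = installed_version()
    if current is None:
        print("WPMovieLibrary not found or WP-CLI unavailable")
    elif is_vulnerable(current):
        print(f"{current}: VULNERABLE, update to {FIXED_VERSION} or later")
    else:
        print(f"{current}: fixed")
```

Run it on the WordPress host as the web user (`wp` must be able to load the site). `parse_version` is the part worth keeping: it is the same tuple-compare approach you would use for any dotted plugin version in an inventory script.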
📡 Detection & Monitoring
Log Indicators:
- Unusual GET/POST requests to admin pages whose parameters contain script tags, `javascript:` URLs, or event-handler attributes
- Multiple failed login attempts following suspicious parameter requests
Network Indicators:
- HTTP requests with encoded script payloads in query parameters
- Traffic patterns showing users being redirected after visiting admin pages
SIEM Query:
source="wordpress" AND (uri="*<script*" OR uri="*javascript:*" OR uri="*onload=*" OR uri="*onerror=*")
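For sites without a SIEM, the same indicators can be checked directly against web-server access logs. The script below is an added example and is not part of the advisory: it applies the four patterns from the SIEM query (`<script`, `javascript:`, `onload=`, `onerror=`) to requests under `/wp-admin/`, but first URL-decodes each query parameter (repeatedly, so double-encoded values are normalised) and matches case-insensitively, which catches the percent-encoded payloads the Network Indicators section mentions. The log lines, the `page=PLUGIN_PAGE` value and the `q` parameter name are constructed placeholders; the advisory does not name the vulnerable parameter.

```python
"""Scan access-log lines for reflected-XSS indicators aimed at wp-admin.

Added example, not from the advisory. Indicator patterns mirror the advisory's
SIEM query; sample log lines are constructed for this example.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The four indicators from the advisory's SIEM query, matched case-insensitively.
XSS_PATTERNS = re.compile(r"(<script|javascript:|onload=|onerror=)", re.IGNORECASE)

# Minimal parser for Apache/nginx combined log format: client IP, method, URI, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one benign request, one plainly encoded payload,
# one double-encoded payload, and one request outside wp-admin.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Feb/2025:10:00:01 +0000] "GET /wp-admin/admin.php?page=PLUGIN_PAGE&q=batman HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Feb/2025:10:00:02 +0000] "GET /wp-admin/admin.php?page=PLUGIN_PAGE&q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Feb/2025:10:00:03 +0000] "GET /wp-admin/admin.php?page=PLUGIN_PAGE&q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5120',
    '198.51.100.8 - - [10/Feb/2025:10:00:04 +0000] "GET /?s=%3Cscript%3E HTTP/1.1" 200 1024',
]


def decode_fully(value, rounds=3):
    """URL-decode up to `rounds` times so double-encoded payloads are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(uri):
    """Return (name, decoded_value) pairs whose decoded value matches an XSS indicator."""
    query = urlsplit(uri).query
    hits = []
    # parse_qsl already decodes one layer; decode_fully handles further layers.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = decode_fully(value)
        if XSS_PATTERNS.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Return one finding per wp-admin request whose parameters carry an XSS indicator."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # unparsable line; skip rather than crash a log sweep
        uri = match.group("uri")
        if "/wp-admin/" not in uri:
            continue  # this advisory concerns admin pages; scope the sweep accordingly
        hits = suspicious_params(uri)
        if hits:
            findings.append({"ip": match.group("ip"), "uri": uri, "params": hits})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ip"], finding["uri"])
        for name, value in finding["params"]:
            print(f"  {name} = {value!r}")
```

Against the constructed sample this reports the second and third lines only: the benign search and the request outside `/wp-admin/` are ignored. Feed it `access.log` via `scan_log(open(path))` for a real sweep; a hit with a 200 status from an authenticated admin session is the case worth escalating, since that is the scenario the Exploit Status section describes.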