CVE-2024-13664
📋 TL;DR
The WP Post List Table WordPress plugin has a stored cross-site scripting vulnerability that allows authenticated attackers with contributor-level access or higher to inject malicious scripts into website pages. These scripts execute whenever users visit the compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using this plugin up to version 1.0.3 are affected.
💻 Affected Systems
- WP Post List Table WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or perform actions as authenticated users, potentially leading to complete site compromise.
Likely Case
Attackers inject malicious scripts to steal user session cookies or credentials, perform clickjacking, or display unwanted content to visitors.
If Mitigated
With proper input validation and output escaping, the vulnerability is eliminated, preventing script injection entirely.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once access is obtained. The vulnerability is well-documented in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.4
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3227735/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'WP Post List Table' and click 'Update Now'. 4. Verify plugin version is 1.0.4 or higher.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate wp-post-list-table
Restrict User Roles
allLimit contributor and author roles to trusted users only
🧯 If You Can't Patch
- Implement web application firewall rules to block XSS payloads in shortcode attributes
- Remove contributor and author access from untrusted users and review existing user permissions
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WP Post List Table version 1.0.3 or lowerCheck Version:
wp plugin get wp-post-list-table --field=versionVerify Fix Applied:
Verify plugin version shows 1.0.4 or higher in WordPress admin plugins list📡 Detection & Monitoring
Log Indicators:
- Unusual shortcode usage patterns
- Multiple failed login attempts followed by successful contributor login
- POST requests to wp-admin with suspicious attribute values
Network Indicators:
- Inbound traffic from unexpected sources to wp-admin
- Outbound connections to suspicious domains after page visits
SIEM Query:
source="wordpress" AND (plugin="wp-post-list-table" AND version<="1.0.3") OR (event="shortcode_execution" AND attributes CONTAINS "script" OR "javascript")