CVE-2024-13751
📋 TL;DR
The 3D Photo Gallery WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with Subscriber-level access or higher to inject malicious scripts into website pages. These scripts execute automatically when users visit compromised pages, potentially stealing credentials or hijacking sessions. All WordPress sites using this plugin version 1.3 or earlier are affected.
💻 Affected Systems
- 3D Photo Gallery WordPress Plugin
📦 What is this software?
3d Photo Gallery by Webdevocean
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, install backdoors, deface the website, or redirect visitors to malicious sites.
Likely Case
Attackers with subscriber accounts inject malicious scripts to steal session cookies or credentials from other users, potentially gaining administrative access.
If Mitigated
With proper input validation and output escaping, the vulnerability is eliminated; with subscriber account restrictions, risk is reduced but not eliminated.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward via the 'des[]' parameter. Public proof-of-concept exists in vulnerability reports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check WordPress plugin repository for updates after 1.3
Vendor Advisory: https://plugins.trac.wordpress.org/browser/3d-photo-gallery/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find '3D Photo Gallery' and check for an update.
4. If an update is available, click 'Update Now'.
5. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the vulnerable plugin until patched
wp plugin deactivate 3d-photo-gallery
Restrict User Registration
Disable new user registration to prevent attacker account creation
In WordPress Settings → General, uncheck 'Anyone can register'
🧯 If You Can't Patch
- Remove Subscriber role from all untrusted users and review existing subscriber accounts
- Implement web application firewall (WAF) rules to block XSS payloads targeting the 'des[]' parameter
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for '3D Photo Gallery' version 1.3 or earlier
Check Version:
wp plugin get 3d-photo-gallery --field=version
Verify Fix Applied:
Verify plugin version is higher than 1.3 or plugin is removed from installed plugins list
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress admin-ajax.php or plugin endpoints containing 'des[]' parameter with script tags
- Multiple failed login attempts followed by successful subscriber login
Network Indicators:
- HTTP requests with JavaScript payloads in 'des[]' parameter
- Unexpected outbound connections from WordPress server after page visits
SIEM Query:
source="wordpress" AND (uri_path="*admin-ajax.php*" OR uri_path="*wp-admin*" OR uri_path="*3d-photo-gallery*") AND http_param="des[]" AND (content="<script>" OR content="javascript:")
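The log indicator above (a 'des[]' parameter carrying a script tag or javascript: URI on a WordPress path) expressed as a small scanner over web-server access logs. This is an added example, not code from the advisory or the plugin: the log lines are constructed samples, and the /view.php plugin endpoint in them is hypothetical, used only so the path filter has something to match.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined-log format; not real traffic.
# The /wp-content/plugins/3d-photo-gallery/view.php path is hypothetical.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?des%5B%5D=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:10:00:03 +0000] "GET /wp-content/plugins/3d-photo-gallery/view.php?des%5B%5D=holiday+photos HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:04 +0000] "POST /wp-admin/admin.php?page=3d-photo-gallery&des%5B%5D=javascript%3Avoid(0) HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Client IP, method and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Same path scope as the SIEM query: admin-ajax, wp-admin, or the plugin itself.
WP_PATH_HINTS = ("admin-ajax.php", "/wp-admin", "3d-photo-gallery")

# Indicators from the advisory: a script tag or a javascript: URI.
SCRIPT_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)


def suspicious_des_values(query: str) -> list[str]:
    """Return the decoded 'des[]' values in a query string that match the indicator.

    parse_qs percent-decodes keys and values, so 'des%5B%5D' becomes 'des[]' and an
    encoded script tag is compared in its decoded form.
    """
    params = parse_qs(query, keep_blank_values=True)
    return [v for v in params.get("des[]", []) if SCRIPT_RE.search(v)]


def scan_log(text: str) -> list[dict]:
    """Scan access-log text and report requests that carry a suspicious 'des[]' value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        parts = urlsplit(m["target"])
        if not any(hint in parts.path for hint in WP_PATH_HINTS):
            continue  # outside the WordPress paths the advisory names
        hits = suspicious_des_values(parts.query)
        if hits:
            findings.append({
                "line": lineno,
                "ip": m["ip"],
                "method": m["method"],
                "path": parts.path,
                "values": hits,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Against the sample, lines 2 and 4 are reported and line 3 (a benign 'des[]' value on the plugin path) is not. A caveat that matters in practice: a standard access log only records the query string, so a 'des[]' value sent in a POST body is invisible here; catching that case needs a WAF or application-level log that records request bodies, which is also where the WAF rule from the "If You Can't Patch" section would apply.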