CVE-2024-13827
📋 TL;DR
This reflected cross-site scripting (XSS) vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages through the Razorpay Subscription Button Elementor Plugin. When a user clicks a specially crafted link, the injected script executes in that user's browser, potentially stealing credentials or session cookies. All WordPress sites running this plugin up to and including version 1.0.3 are affected.
💻 Affected Systems
- Razorpay Subscription Button Elementor Plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator credentials, take over the WordPress site, install backdoors, or redirect users to malicious sites.
Likely Case
Attackers steal user session cookies or credentials through phishing links, leading to account compromise.
If Mitigated
With proper input validation and output escaping, the vulnerability is prevented, and no script injection occurs.
🎯 Exploit Status
Exploitation requires tricking users into clicking malicious links, but the technical barrier is low.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check WordPress plugin repository for updates beyond 1.0.3
Vendor Advisory: https://wordpress.org/plugins/razorpay-subscription-button-elementor/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Razorpay Subscription Button Elementor' and click 'Update Now' if available.
4. If no update is available, consider disabling or removing the plugin.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin to prevent exploitation.
wp plugin deactivate razorpay-subscription-button-elementor
🧯 If You Can't Patch
- Implement a Web Application Firewall (WAF) with XSS protection rules.
- Educate users to avoid clicking suspicious links and monitor for unusual activity.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in the WordPress admin under Plugins > Installed Plugins. If the version is 1.0.3 or lower, the site is vulnerable.
Check Version:
wp plugin get razorpay-subscription-button-elementor --field=version
Verify Fix Applied:
After updating, verify the plugin version is above 1.0.3 and test URL parameters for script injection.
📡 Detection & Monitoring
Log Indicators:
- Unusual URL parameters with script tags in WordPress access logs
- Multiple failed login attempts or session hijacking alerts
Network Indicators:
- HTTP requests with suspicious query strings containing JavaScript code
SIEM Query:
source="wordpress_access.log" AND uri_query="*<script>*"
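The SIEM query above matches only a literal `<script>` in the query string, so a percent-encoded request (`%3Cscript%3E`) passes it untouched. The following script is an added example, not part of this advisory or of the plugin: it parses combined-format access log lines, percent-decodes the query string repeatedly (so double-encoded requests are also caught), and reports lines whose decoded query contains the script indicators named in this section. The log lines are constructed samples, and the parameter name `plan` is a placeholder; the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in Apache/Nginx combined log format (not real traffic).
# The query parameter name is a placeholder; the advisory does not name the
# plugin's vulnerable parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2025:10:01:02 +0000] "GET /pricing/?plan=monthly HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2025:10:01:07 +0000] "GET /pricing/?plan=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5130 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2025:10:01:09 +0000] "GET /pricing/?plan=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 5130 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2025:10:01:11 +0000] "GET /pricing/?plan=javascript%3Aalert(1) HTTP/1.1" 200 5130 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Feb/2025:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, identity, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3})'
)

# Indicators of script injection in a decoded query string: a script tag,
# a javascript: URL, or an inline event-handler attribute (word boundary so
# that e.g. "bonus=" does not match).
INDICATOR_RE = re.compile(r"<\s*script|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def parse_log_line(line: str):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    double-encoded payloads such as %253Cscript%253E are reduced to <script>.
    The web server decodes only once; the extra rounds are for detection."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_script_indicators(query: str) -> list:
    """Return the lowercased indicator strings found in a decoded query string."""
    return [m.lower() for m in INDICATOR_RE.findall(query)]


def scan_log(text: str) -> list:
    """Scan access-log text and return one finding per request whose decoded
    query string contains a script-injection indicator."""
    findings = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        query = urlsplit(rec["target"]).query
        if not query:
            continue
        decoded = fully_decode(query)
        hits = find_script_indicators(decoded)
        if hits:
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "target": rec["target"],
                "decoded_query": decoded,
                "indicators": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['indicators']} {f['target']}")
```

Run against a real access log by replacing `SAMPLE_LOG` with the file contents; the same decode-then-match approach can be expressed in a SIEM by applying a URL-decode function to the query field before the pattern match.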
🔗 References
- https://plugins.trac.wordpress.org/browser/razorpay-subscription-button-elementor/tags/1.0.3/includes/rzp-payment-buttons.php#L78
- https://wordpress.org/plugins/razorpay-subscription-button-elementor/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a8cdde8d-db43-4702-81c3-ea2d867baa8d?source=cve