CVE-2024-22287
📋 TL;DR
This CSRF vulnerability in the Better Anchor Links WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions, which can lead to Cross-Site Scripting (XSS) attacks. The vulnerability affects all WordPress sites using Better Anchor Links versions up to 1.7.5. Attackers can inject malicious scripts that execute in administrators' browsers when they visit compromised pages.
💻 Affected Systems
- Better Anchor Links WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject persistent XSS payloads that compromise administrator accounts, leading to complete site takeover, data theft, or malware distribution to visitors.
Likely Case
Attackers create malicious links that trick logged-in administrators into executing actions that inject XSS payloads into site pages, potentially compromising visitor data or redirecting users.
If Mitigated
With proper CSRF protections and content security policies, the attack surface is reduced, though the vulnerability still exists in the codebase.
🎯 Exploit Status
Exploitation requires social engineering to trick authenticated users, but the technical complexity is low once the user is tricked.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.6 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/better-anchor-links/wordpress-better-anchor-links-plugin-1-7-5-csrf-to-xss-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Better Anchor Links' and click 'Update Now'.
4. Verify that the plugin version is 1.7.6 or higher.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the Better Anchor Links plugin until it is patched
wp plugin deactivate better-anchor-links
Implement CSRF Tokens
Add CSRF protection to the affected WordPress forms if a custom implementation is possible
🧯 If You Can't Patch
- Restrict administrative access to trusted networks only
- Implement Content Security Policy (CSP) headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel under Plugins > Installed Plugins for the Better Anchor Links version
Check Version:
wp plugin get better-anchor-links --field=version
Verify Fix Applied:
Verify that the plugin version shown in the WordPress admin panel is 1.7.6 or higher
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress admin endpoints
- Multiple failed CSRF validation attempts
Network Indicators:
- Suspicious referrer headers in admin requests
- Unexpected iframe or script injections in page responses
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/*" AND method="POST") AND referrer NOT CONTAINS own_domain
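The referrer heuristic behind the SIEM query above, run over access log lines, as an added example that is not part of the original advisory; the combined log format, the own-host list and the sample lines are assumptions constructed for the demonstration:

```python
import re
from urllib.parse import urlparse

# Combined log format: client ident user [time] "METHOD path PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
OWN_HOSTS = frozenset({"example.com", "www.example.com"})  # hosts serving this site's admin (assumed)

def parse_line(line):
    """Parse one combined-format access log line; None when the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_cross_site_admin_post(entry, own_hosts=OWN_HOSTS):
    """True for a POST to /wp-admin/ whose Referer is missing or from a foreign host."""
    # A form submitted from the site's own admin pages carries a same-site Referer, so a foreign
    # or absent one is the trace a CSRF lure leaves; strict referrer policies also blank the
    # header, so treat hits as leads to triage rather than proof.
    if entry["method"] != "POST" or not entry["path"].startswith("/wp-admin/"):
        return False
    referer = entry["referer"]
    if referer in ("", "-"):
        return True
    return (urlparse(referer).hostname or "").lower() not in own_hosts

def find_suspicious(lines, own_hosts=OWN_HOSTS):
    """Return (client, path, referer) for every parseable log line that trips the heuristic."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_cross_site_admin_post(entry, own_hosts):
            hits.append((entry["ip"], entry["path"], entry["referer"]))
    return hits

# Constructed sample log lines (not real traffic); only the second and fourth should be flagged.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2024:10:00:00 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 '
    '"https://example.com/wp-admin/options-general.php" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2024:10:01:12 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 '
    '"https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2024:10:01:13 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 '
    '"https://attacker.example/lure.html" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 '
    '"-" "curl/8.0"',
    '203.0.113.9 - - [10/Jan/2024:10:03:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 '
    '"https://evil.example/" "Mozilla/5.0"',
]
```

Same-site GETs and front-end POSTs outside /wp-admin/ are ignored, so the output is the short list of admin POSTs worth correlating with the "failed CSRF validation" log indicator listed above.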