CVE-2024-2872
📋 TL;DR
The socialdriver-framework WordPress plugin before version 2024.04.30 has a stored cross-site scripting (XSS) vulnerability in its settings. This allows authenticated users with contributor-level privileges or higher to inject malicious scripts that execute when other users view affected pages, even in WordPress multisite configurations where unfiltered_html is normally restricted. WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- socialdriver-framework WordPress plugin
📦 What is this software?
Swift Framework by Swiftideas
⚠️ Risk & Real-World Impact
Worst Case
An attacker with contributor access could inject malicious JavaScript that steals administrator session cookies, leading to full site compromise, data theft, or malware distribution to visitors.
Likely Case
Authenticated attackers inject malicious scripts that execute when administrators or other users view plugin settings pages, potentially leading to privilege escalation or session hijacking.
If Mitigated
With proper user access controls and regular security monitoring, impact is limited to potential data exposure from affected user sessions.
🎯 Exploit Status
Exploitation requires a WordPress user account with contributor-level or higher privileges. The vulnerability lies in plugin settings that are accessible to authenticated users with appropriate privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.04.30
Vendor Advisory: https://wpscan.com/vulnerability/15d3150c-673c-4c36-ac5e-85767d78b9eb/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'socialdriver-framework' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2024.04.30+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until the patched version is available
wp plugin deactivate socialdriver-framework
Restrict User Capabilities
Temporarily remove the contributor role or restrict access to plugin settings
Use WordPress role management plugins or custom code to modify capabilities
🧯 If You Can't Patch
- Remove contributor role access or implement strict user access controls
- Implement web application firewall (WAF) rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → socialdriver-framework version. If the version is below 2024.04.30, the site is vulnerable.
Check Version:
wp plugin get socialdriver-framework --field=version
Verify Fix Applied:
After updating, verify plugin version shows 2024.04.30 or higher in WordPress admin plugins page.
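As an added example (not part of the advisory or the plugin), a POSIX shell script that wraps the WP-CLI version check above and compares the result against the fixed release. It assumes WP-CLI is available on the host and that version strings are dotted numeric components (e.g. 2024.04.30); the function and variable names are the author's own.

```shell
#!/bin/sh
# Added example: verify the installed socialdriver-framework version against
# the CVE-2024-2872 fix version. Assumes dotted numeric version strings.
FIXED_VERSION="2024.04.30"
PLUGIN_SLUG="socialdriver-framework"

# Prints -1, 0 or 1 when $1 is older than, equal to or newer than $2.
# Missing trailing components count as 0 (2024.4 == 2024.4.0).
# Returns 2 and prints nothing if a component is not numeric.
version_cmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah="${a%%.*}"; bh="${b%%.*}"
    if [ "$a" = "$ah" ]; then a=""; else a="${a#*.}"; fi
    if [ "$b" = "$bh" ]; then b=""; else b="${b#*.}"; fi
    ah="${ah:-0}"; bh="${bh:-0}"
    case "$ah$bh" in *[!0-9]*) return 2 ;; esac
    if [ "$ah" -gt "$bh" ]; then printf '%s\n' 1; return 0; fi
    if [ "$ah" -lt "$bh" ]; then printf '%s\n' -1; return 0; fi
  done
  printf '%s\n' 0
}

# Succeeds (exit 0) only when $1 is definitely older than FIXED_VERSION.
version_is_vulnerable() {
  [ "$(version_cmp "$1" "$FIXED_VERSION")" = "-1" ]
}

# Runs the advisory's WP-CLI command on the live site and prints a verdict.
# Exit status: 0 patched, 1 vulnerable, 2 unknown/unavailable.
check_site() {
  installed=$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null) || {
    printf 'UNKNOWN: %s not installed or wp-cli unavailable\n' "$PLUGIN_SLUG"
    return 2
  }
  result=$(version_cmp "$installed" "$FIXED_VERSION") || {
    printf 'UNKNOWN: cannot parse version "%s"\n' "$installed"; return 2; }
  if [ "$result" = "-1" ]; then
    printf 'VULNERABLE: %s %s < %s (CVE-2024-2872)\n' \
      "$PLUGIN_SLUG" "$installed" "$FIXED_VERSION"
    return 1
  fi
  printf 'OK: %s %s >= %s\n' "$PLUGIN_SLUG" "$installed" "$FIXED_VERSION"
}

# Only query the site when explicitly asked, so the functions can be sourced.
if [ "${1:-}" = "--check" ]; then check_site; fi
```

Run with `sh check.sh --check` from the WordPress root; the exit status is usable directly in a cron job or fleet-wide inventory script.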
📡 Detection & Monitoring
Log Indicators:
- Unusual plugin settings modifications by contributor-level users
- Multiple failed login attempts followed by plugin settings access
Network Indicators:
- HTTP POST requests to wp-admin/admin.php?page=socialdriver-framework with script tags in parameters
SIEM Query:
source="wordpress.log" AND ("socialdriver-framework" AND "settings" AND ("<script>" OR "javascript:"))