CVE-2024-29099
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Evergreen Content Poster WordPress plugin. When a user visits a specially crafted URL, the script executes in their browser, potentially stealing cookies, session tokens, or performing actions on their behalf. It affects all WordPress sites using this plugin up to version 1.4.1.
💻 Affected Systems
- Evergreen Content Poster WordPress Plugin
📦 What is this software?
Evergreen Content Poster by Evergreencontentposter
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over WordPress sites, deface websites, or redirect users to malicious sites.
Likely Case
Attackers steal user session data or credentials through phishing links, potentially compromising individual accounts.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before reaching users' browsers.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly exploited through phishing emails or malicious links.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.2 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Evergreen Content Poster. 4. Click 'Update Now' if available. 5. If no update appears, manually download version 1.4.2+ from WordPress.org and replace plugin files.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily deactivate the Evergreen Content Poster plugin until patched.
wp plugin deactivate evergreen-content-poster
Web Application Firewall (WAF)
allConfigure WAF rules to block XSS payloads targeting the vulnerable endpoint.
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution sources.
- Use browser security extensions that block reflected XSS attacks.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for Evergreen Content Poster version 1.4.1 or earlier.Check Version:
wp plugin get evergreen-content-poster --field=versionVerify Fix Applied:
Confirm plugin version is 1.4.2 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual GET/POST requests containing script tags or JavaScript payloads to plugin endpoints
- Multiple failed login attempts following suspicious URL visits
Network Indicators:
- HTTP requests with suspicious parameters containing <script>, javascript:, or encoded payloads
SIEM Query:
source="wordpress.log" AND ("evergreen-content-poster" OR "ecp_") AND ("<script>" OR "javascript:" OR "%3Cscript%3E")🔗 References
- https://patchstack.com/database/vulnerability/evergreen-content-poster/wordpress-evergreen-content-poster-plugin-1-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/evergreen-content-poster/wordpress-evergreen-content-poster-plugin-1-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
