CVE-2024-29774

7.1 HIGH

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability allows attackers to inject scripts into web pages generated by the WP Directory Kit WordPress plugin. When a user visits a specially crafted URL, the injected script executes in their browser, where it can steal cookies or session tokens or perform actions on the user's behalf. All WordPress sites running WP Directory Kit versions up to and including 1.2.9 are affected.

💻 Affected Systems

Products:
  • WP Directory Kit WordPress Plugin
Versions: All versions up to and including 1.2.9
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the plugin's input handling during web page generation. No special configuration is required to be vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, take over WordPress sites, deface websites, or redirect users to malicious sites.

🟠

Likely Case

Attackers steal user session cookies, perform actions as authenticated users, or redirect users to phishing pages.

🟢

If Mitigated

With proper input validation and output encoding, the XSS payload would be neutralized before reaching users.

🌐 Internet-Facing: HIGH - This is a reflected XSS vulnerability that requires users to click malicious links, but WordPress sites are typically internet-facing and attackers can craft convincing phishing campaigns.
🏢 Internal Only: MEDIUM - Internal users could still be targeted via phishing emails or internal links, but the attack surface is smaller than internet-facing deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS vulnerabilities are commonly exploited via phishing campaigns. Attackers need to trick users into clicking malicious links containing the XSS payload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.0 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wpdirectorykit/wordpress-wp-directory-kit-plugin-1-2-9-reflected-cross-site-scripting-xss-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Directory Kit.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.3.0 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable WP Directory Kit Plugin (platform: linux)

Temporarily disable the vulnerable plugin until it is patched, using WP-CLI:

wp plugin deactivate wpdirectorykit

Implement WAF Rules (platform: all)

Add web application firewall rules that block common XSS payload patterns (script tags, javascript: URIs, on* event-handler attributes) in URL parameters. Rules must match against the percent-decoded parameter value, since reflected payloads are normally URL-encoded in the crafted link. The exact rule syntax depends on the WAF in use; the line below is a vendor-neutral placeholder:

# Configure WAF to filter <script> tags and JavaScript events in URL parameters

🧯 If You Can't Patch

  • Deploy a Content Security Policy (CSP) header that disallows inline scripts, so reflected script tags and inline event handlers are not executed
  • Set the HttpOnly attribute on session cookies (so injected script cannot read them) and the SameSite attribute to limit cross-site use

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WP Directory Kit version. If version is 1.2.9 or lower, you are vulnerable.

Check Version:

wp plugin get wpdirectorykit --field=version

Verify Fix Applied:

After updating, verify WP Directory Kit version is 1.3.0 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long URLs containing script tags or JavaScript in query parameters
  • Multiple failed requests carrying XSS payload patterns, typical of automated scanning

Network Indicators:

  • HTTP requests containing <script>, javascript:, or on* event handlers in URL parameters, in raw or percent-encoded form

SIEM Query:

source="web_server_logs" AND (uri="*<script>*" OR uri="*javascript:*" OR uri="*onclick=*" OR uri="*onload=*")
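Detection logic for the log and network indicators above, as an added example that is not part of this advisory: a Python scanner over constructed combined-format access-log lines that percent-decodes each request URI (twice, so double-encoded payloads are caught, which the plain substring SIEM query above would miss) before matching the three indicator classes. The /directory/ paths, parameter names and client addresses are constructed for the sample, not taken from the plugin.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/nginx combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2024:12:00:01 +0000] "GET /directory/?search=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2024:12:00:02 +0000] "GET /directory/?search=%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2024:12:00:03 +0000] "GET /directory/?search=plumbers+london HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2024:12:00:04 +0000] "GET /directory/?next=javascript%3Aalert(1) HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Apr/2024:12:00:05 +0000] "GET /directory/?search=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# One regex per indicator class named in the advisory: script tags,
# javascript: URIs, and on* event-handler attributes.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    # An injected handler follows an attribute separator (space, quote, slash),
    # which keeps ordinary parameter names such as "online=1" from matching.
    "event_handler": re.compile(r"""[\s"'/]on[a-z]+\s*=""", re.I),
}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_uri(uri: str) -> str:
    # Decode twice so single- and double-encoded payloads are both normalised.
    return unquote_plus(unquote_plus(uri))

def scan_line(line: str):
    """Return a finding dict for one log line, or None if no indicator is present."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = decode_uri(m.group("uri"))
    hits = [name for name, pat in XSS_PATTERNS.items() if pat.search(decoded)]
    if not hits:
        return None
    return {"ip": m.group("ip"), "time": m.group("ts"), "status": int(m.group("status")),
            "uri": m.group("uri"), "decoded": decoded, "indicators": hits}

def scan_log(text: str):
    """Scan every line of an access log and return the list of findings."""
    return [f for f in map(scan_line, text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['status']} {','.join(f['indicators'])} {f['decoded']}")
```

Run against a real log by passing its contents to scan_log; the fourth sample line shows why decoding matters, as its double-encoded payload contains no literal "<script>" for a substring query to find.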
