CVE-2024-35696 – This CVE describes a reflected cross-site scrip... (How to Fix)

Q: What is the severity of CVE-2024-35696?

CVE-2024-35696 has a CVSS score of 7.1 (HIGH). This CVE describes a reflected cross-site scripting (XSS) vulnerability in the WP Docs WordPress plugin. Attackers can inject malicious scripts via user input that gets reflected in web pages without proper sanitization. WordPress sites using WP Docs versions up to 2.1.3 are affected.

📋 TL;DR

This CVE describes a reflected cross-site scripting (XSS) vulnerability in the WP Docs WordPress plugin. Attackers can inject malicious scripts via user input that gets reflected in web pages without proper sanitization. WordPress sites using WP Docs versions up to 2.1.3 are affected.

💻 Affected Systems

Products:

WP Docs WordPress Plugin

Versions: n/a through 2.1.3

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: All WordPress installations with WP Docs plugin enabled and within affected version range are vulnerable by default.

📦 What is this software?

Wp Docs by Androidbubble

View all CVEs affecting Wp Docs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, deface websites, or redirect users to malicious sites.

🟠

Likely Case

Attackers craft malicious links containing XSS payloads that execute when victims click them, potentially stealing session data or performing limited unauthorized actions.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts would be neutralized before execution, preventing exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Reflected XSS typically requires user interaction (clicking malicious link) but is technically simple to exploit once the vulnerable parameter is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.4 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-docs/wordpress-wp-docs-plugin-2-1-3-cross-site-scripting-xss-vulnerability-2?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find WP Docs and click 'Update Now'. 4. Verify update to version 2.1.4 or higher.

🔧 Temporary Workarounds

Disable WP Docs Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate wp-docs

Web Application Firewall (WAF)

all

Configure WAF rules to block XSS payloads targeting WP Docs endpoints

🧯 If You Can't Patch

Implement Content Security Policy (CSP) headers to restrict script execution
Use web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check WP Docs plugin version in WordPress admin panel under Plugins > Installed Plugins

Check Version:

wp plugin list --name=wp-docs --field=version

Verify Fix Applied:

Verify WP Docs plugin version is 2.1.4 or higher after update

📡 Detection & Monitoring

Log Indicators:

Unusual GET/POST requests to WP Docs endpoints with script tags or JavaScript payloads
Multiple failed XSS attempts in web server logs

Network Indicators:

HTTP requests containing <script>, javascript:, or other XSS payloads targeting WP Docs URLs

SIEM Query:

source="web_server_logs" AND (uri="*wp-docs*" AND (content="<script>" OR content="javascript:"))

📊 Metadata

CVE ID: CVE-2024-35696

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

Published: June 8, 2024

Last Updated: December 2, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-35696, you might also want to check these: