CVE-2024-35701 – This stored cross-site scripting (XSS) vulnerab... (How to Fix)

Q: What is the severity of CVE-2024-35701?

CVE-2024-35701 has a CVSS score of 6.5 (MEDIUM). This stored cross-site scripting (XSS) vulnerability in the PropertyHive WordPress plugin allows attackers to inject malicious scripts into web pages. When users view affected pages, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using PropertyHive versions up to 2.0.13 are affected.

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in the PropertyHive WordPress plugin allows attackers to inject malicious scripts into web pages. When users view affected pages, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using PropertyHive versions up to 2.0.13 are affected.

💻 Affected Systems

Products:

PropertyHive WordPress Plugin

Versions: n/a through 2.0.13

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: All WordPress installations using vulnerable PropertyHive versions are affected regardless of configuration.

📦 What is this software?

Propertyhive by Wp Property Hive

View all CVEs affecting Propertyhive →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, take over WordPress sites, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.

🟠

Likely Case

Attackers inject malicious JavaScript that steals user session cookies or credentials when users visit compromised property pages, leading to account takeover.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts would be neutralized before reaching users' browsers, preventing exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Stored XSS vulnerabilities are commonly exploited, though specific exploit details for this CVE aren't publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.14 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-2-0-13-cross-site-scripting-xss-vulnerability

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find PropertyHive and click 'Update Now'. 4. Verify update to version 2.0.14 or higher.

🔧 Temporary Workarounds

Disable PropertyHive Plugin

all

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate propertyhive

Implement WAF Rules

all

Configure web application firewall to block XSS payloads targeting PropertyHive endpoints.

🧯 If You Can't Patch

Implement strict Content Security Policy (CSP) headers to restrict script execution
Enable WordPress security plugins with XSS protection features

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > PropertyHive version. If version is 2.0.13 or lower, system is vulnerable.

Check Version:

wp plugin get propertyhive --field=version

Verify Fix Applied:

After update, verify PropertyHive version shows 2.0.14 or higher in WordPress plugins list.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to PropertyHive endpoints with script tags
Multiple failed XSS attempts in web server logs

Network Indicators:

HTTP requests containing JavaScript payloads to /wp-content/plugins/propertyhive/ endpoints

SIEM Query:

source="web_server" AND (uri="*propertyhive*" AND (content="<script>" OR content="javascript:"))

📊 Metadata

CVE ID: CVE-2024-35701

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

Published: June 8, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-35701, you might also want to check these: