CVE-2024-35730
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Active Products Tables for WooCommerce WordPress plugin. When users visit a specially crafted URL, the script executes in their browser, potentially stealing session cookies or performing actions on their behalf. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Active Products Tables for WooCommerce WordPress plugin
📦 What is this software?
Woot by Pluginus
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over WordPress admin accounts, install backdoors, deface websites, or redirect users to malicious sites.
Likely Case
Attackers steal user session cookies or credentials, perform actions as authenticated users, or redirect users to phishing pages.
If Mitigated
With proper input validation and output encoding, the malicious scripts would be neutralized before reaching users' browsers.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly exploited and require minimal technical skill. Attackers need to trick users into clicking malicious links.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.6.4 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Active Products Tables for WooCommerce'.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin, then install the latest version from the WordPress repository.
🔧 Temporary Workarounds
Input Validation Web Application Firewall Rule
Configure the WAF to block requests containing suspicious script patterns in URL parameters (match after URL decoding, since payloads are commonly percent-encoded).
Content Security Policy Header
Implement CSP headers to restrict the sources from which scripts may execute, for example:
Header set Content-Security-Policy "default-src 'self'; script-src 'self'" in .htaccess (Apache mod_headers) or the web server config. Note that 'script-src 'self'' also blocks inline scripts and third-party scripts that many WordPress themes and plugins rely on, so test the policy in Content-Security-Policy-Report-Only mode before enforcing it.
🧯 If You Can't Patch
- Disable or remove the Active Products Tables for WooCommerce plugin
- Implement strict Content Security Policy headers to mitigate script execution
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for 'Active Products Tables for WooCommerce' version 1.0.6.3 or earlier
Check Version:
wp plugin list --name=<plugin-slug> --field=version (if WP-CLI is installed; --name filters on the plugin slug, i.e. its directory name under wp-content/plugins, not the display name 'Active Products Tables for WooCommerce')
Verify Fix Applied:
Verify plugin version is 1.0.6.4 or later in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusually long URLs containing script tags in access logs
- Multiple failed requests to plugin endpoints with suspicious parameters
Network Indicators:
- HTTP requests containing <script> tags in URL parameters
- Outbound connections to suspicious domains after visiting plugin pages
SIEM Query:
(web.url:*<script* OR web.url:*javascript:*) AND web.url:*wp-content/plugins/active-products-tables*
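The log indicators above applied to access-log lines, as an added example that is not part of this advisory: it URL-decodes query parameters (repeatedly, for double-encoded input) before matching, which the plain SIEM query above does not do. The plugin path prefix is taken from the SIEM query and is an assumption about the installed slug; the sample log lines and their parameter names are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Path prefix taken from the page's own SIEM query; change it to the slug
# actually installed under wp-content/plugins on your site (assumption).
PLUGIN_PATH = "/wp-content/plugins/active-products-tables"
# Apache/Nginx combined log format: client - user [time] "METHOD URL PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# The two indicators the advisory names, matched after URL decoding so that
# percent-encoded variants (%3Cscript, %253Cscript) are not missed.
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript:", re.IGNORECASE)
# Constructed sample lines, not real traffic; parameter names are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-content/plugins/active-products-tables/?q1=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-content/plugins/active-products-tables/?q=%253Cscript%253E HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2024:12:00:03 +0000] "GET /wp-content/plugins/active-products-tables/?page=2 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2024:12:00:04 +0000] "GET /?s=%3Cscript%3E HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

def decode_fully(value, rounds=3):
    """Strip up to `rounds` layers of percent-encoding (stops early once stable)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Names of query parameters whose decoded value carries a script marker."""
    query = urlsplit(url).query
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if SCRIPT_MARKERS.search(decode_fully(value))]

def scan_log(text):
    """Return (ip, status, url, flagged_params) for plugin requests carrying script markers."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not urlsplit(m.group("url")).path.startswith(PLUGIN_PATH):
            continue
        params = suspicious_params(m.group("url"))
        if params:
            findings.append((m.group("ip"), int(m.group("status")), m.group("url"), params))
    return findings
```

Running scan_log(SAMPLE_LOG) flags the first two lines (the second only because of the double-decoding) and ignores the clean plugin request and the non-plugin search request.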
🔗 References
- https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve