CVE-2024-3588

6.4 MEDIUM

📋 TL;DR

The Getwid WordPress plugin's Countdown block has a stored XSS vulnerability allowing authenticated attackers with contributor-level access or higher to inject malicious scripts into pages. These scripts execute when users view the compromised pages, potentially stealing session cookies or redirecting to malicious sites. All WordPress sites using Getwid versions up to 2.0.7 are affected.

💻 Affected Systems

Products:
  • Getwid – Gutenberg Blocks WordPress plugin
Versions: All versions up to and including 2.0.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Getwid plugin enabled. Contributor-level access or higher needed to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, take over the WordPress site, install backdoors, deface pages, or redirect visitors to malware distribution sites.

🟠 Likely Case

Attackers inject malicious JavaScript to steal user session cookies, potentially compromising user accounts and performing actions on their behalf.

🟢 If Mitigated

With proper user role management and content review processes, impact is limited to potential defacement of specific pages rather than full site compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated user with at least contributor privileges. A public proof-of-concept is available in a GitHub pull request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.8

Vendor Advisory: https://wordpress.org/plugins/getwid/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Getwid plugin and click 'Update Now'.
4. Verify the plugin version shows 2.0.8 or higher.

🔧 Temporary Workarounds

Disable Getwid plugin (applies to: all)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate getwid

Restrict user roles (applies to: all)

Temporarily remove contributor-level access for untrusted users

🧯 If You Can't Patch

  • Implement a strict content review process for all posts/pages created by contributors
  • Install a web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → Getwid version. If version is 2.0.7 or lower, you are vulnerable.

Check Version:

wp plugin get getwid --field=version

Verify Fix Applied:

After updating, verify Getwid version shows 2.0.8 or higher in WordPress plugins list.
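The version check above is done by eye in the plugin list or with wp-cli. As an added example (not part of the original advisory or of Getwid), the Python below automates it over the JSON that "wp plugin list --format=json" prints, which is assumed here to carry name, status, update and version fields. The comparison is numeric rather than a string compare, so 2.0.10 is correctly treated as newer than 2.0.8, and a pre-release tag such as 2.0.8-rc1 is counted as still below the fixed release. The sample plugin list is constructed.

```python
import json
import re

# Versions at or below 2.0.7 are affected (CVE-2024-3588); 2.0.8 is the fixed release.
PATCHED_VERSION = "2.0.8"
PLUGIN_SLUG = "getwid"


def parse_version(version):
    """Turn '2.0.7', '2.0.10' or '2.0.8-rc1' into a comparable tuple.

    A plain string compare gets this wrong ('2.0.10' < '2.0.8' as text), so the
    numeric components are compared. The tuple is padded to four components and
    ends with a 1 for a final release or 0 for anything with a suffix, so a
    pre-release of 2.0.8 still sorts below 2.0.8 itself.
    """
    match = re.match(r"\s*(\d+(?:\.\d+)*)(.*)$", version)
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    while len(parts) < 4:
        parts.append(0)
    is_final = 1 if match.group(2).strip() == "" else 0
    return tuple(parts) + (is_final,)


def is_vulnerable(version):
    """True when the installed Getwid version is below the fixed release."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


def check_plugin_list(plugin_list_json):
    """Inspect a `wp plugin list --format=json` dump (field names assumed) and
    report whether Getwid is installed, vulnerable, and active (exposed)."""
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") == PLUGIN_SLUG:
            version = plugin.get("version", "0")
            vulnerable = is_vulnerable(version)
            return {
                "installed": True,
                "version": version,
                "status": plugin.get("status"),
                "vulnerable": vulnerable,
                # Only an active vulnerable plugin exposes the site; an inactive
                # one still needs updating before it is re-enabled.
                "exposed": vulnerable and plugin.get("status") == "active",
            }
    return {"installed": False, "vulnerable": False, "exposed": False}


# Constructed sample output; not captured from a real site.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
    {"name": "getwid", "status": "active", "update": "available", "version": "2.0.7"},
])

if __name__ == "__main__":
    # On a live site: wp plugin list --format=json | python3 this_script.py
    print(check_plugin_list(SAMPLE_PLUGIN_LIST))
```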

📡 Detection & Monitoring

Log Indicators:

  • Unusual post/page edits by contributor-level users
  • JavaScript injection in post_content fields

Network Indicators:

  • Suspicious outbound connections from WordPress pages to unknown domains

SIEM Query:

source="wordpress" AND (event="post_modified" OR event="page_modified") AND user_role="contributor" AND content CONTAINS "<script>"
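The SIEM query above matches a literal "<script>" string in post content. The Python below is an added example, not part of the original advisory, of the same detection idea applied to post records, with two caveats a defender will want covered: the match also catches case variants, tags with attributes, inline event handlers and javascript: URLs; and it decodes the attribute JSON inside Gutenberg block comments, because WordPress serialises block attributes with "<" stored as \u003c (and ">" as \u003e), so a payload saved in a block attribute never contains a literal "<script>" in post_content at all. The record keys (id, author_role, post_content), the set of untrusted roles, the sample records and the attribute name "label" are all constructed for this example.

```python
import json
import re

# Roles the advisory names as sufficient to exploit (contributor or higher) that
# should not normally be publishing script. Constructed choice; widen it if
# editors are not trusted on your site.
UNTRUSTED_ROLES = {"contributor", "author"}

# Heuristics beyond a literal "<script>": any-case script tags with attributes,
# inline event handlers (onload=, onerror=, ...) and javascript: URLs.
SUSPICIOUS = re.compile(r"<\s*script\b|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)

# A Gutenberg block comment carrying an attribute JSON object, e.g.
# <!-- wp:getwid/countdown {"...": "..."} /-->
BLOCK_COMMENT = re.compile(r"<!--\s*wp:[\w/-]+\s*(\{.*?\})\s*/?-->", re.DOTALL)


def _strings(value):
    """Yield every string nested anywhere inside a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for item in value.values():
            yield from _strings(item)
    elif isinstance(value, list):
        for item in value:
            yield from _strings(item)


# WordPress stores block attributes with '<' as \u003c, '>' as \u003e and '"' as
# \u0022, so json.loads() restores the characters the browser will eventually
# render and lets the same regex apply to block attributes as to raw markup.
def views_of(post_content):
    """Yield the raw content, then each string attribute of each block."""
    yield post_content
    for match in BLOCK_COMMENT.finditer(post_content):
        try:
            attrs = json.loads(match.group(1))
        except ValueError:
            continue
        yield from _strings(attrs)


def find_suspicious_posts(posts):
    """Return one finding per post whose author role is untrusted and whose
    content (raw or inside block attributes) matches SUSPICIOUS."""
    findings = []
    for post in posts:
        role = post.get("author_role", "").lower()
        if role not in UNTRUSTED_ROLES:
            continue
        for text in views_of(post.get("post_content", "")):
            match = SUSPICIOUS.search(text)
            if match:
                findings.append({"id": post["id"], "role": role, "match": match.group(0)})
                break
    return findings


# Constructed sample records, not captured from a real site. The attribute name
# "label" is made up; only the \u003c escaping convention is WordPress's.
SAMPLE_POSTS = [
    {"id": 101, "author_role": "contributor",
     "post_content": r'<!-- wp:getwid/countdown {"label":"\u003cscript\u003ealert(1)\u003c/script\u003e"} /-->'},
    {"id": 102, "author_role": "editor",
     "post_content": "<p>Release notes</p><script>trusted()</script>"},
    {"id": 103, "author_role": "contributor",
     "post_content": "<p>Hello <strong>world</strong></p>"},
    {"id": 104, "author_role": "author",
     "post_content": '<p>Photo</p><img src="x" onerror="alert(1)">'},
]

if __name__ == "__main__":
    for finding in find_suspicious_posts(SAMPLE_POSTS):
        print(f"post {finding['id']} ({finding['role']}): matched {finding['match']!r}")
```

Post 101 is flagged only because the block attribute is decoded; a raw substring search would have missed it. Post 102 is skipped on role alone, which is the same trade-off the SIEM query makes: the filter reduces noise, but an editor account that has itself been compromised would pass unseen, so tune UNTRUSTED_ROLES to the roles you actually trust.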
