CVE-2024-37117

7.1 HIGH

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into web pages generated by Uncanny Automator Pro, which could then execute in users' browsers. It affects WordPress sites running the Uncanny Automator Pro plugin at version 5.3 or earlier. The vulnerability is a reflected XSS, meaning the malicious input is returned immediately in the server response to the request that carried it rather than being stored.

💻 Affected Systems

Products:
  • Uncanny Automator Pro WordPress Plugin
Versions: All versions up to and including 5.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Uncanny Automator Pro plugin active.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or deface websites.

🟠

Likely Case

Session hijacking leading to unauthorized access, credential theft, or malicious redirection.

🟢

If Mitigated

Minimal impact if input validation and output encoding are properly implemented.

🌐 Internet-Facing: HIGH - Web applications are directly accessible and XSS payloads can be delivered via links.
🏢 Internal Only: MEDIUM - Internal users could still be targeted via phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires user interaction (clicking a malicious link) but is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.4 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/uncanny-automator-pro/wordpress-uncanny-automator-pro-plugin-5-3-reflected-cross-site-scripting-xss-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Uncanny Automator Pro.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the vendor and upload it via FTP.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation to sanitize user inputs before processing, and encode them again on output.

Add sanitization in the affected plugin files using WordPress functions such as sanitize_text_field() on incoming request parameters, and escape them with esc_html() or esc_attr() at the point where they are echoed back into the page.

Content Security Policy

all

Implement CSP headers to restrict the sources from which scripts may execute.

Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add to WordPress functions.php: header("Content-Security-Policy: default-src 'self'; script-src 'self'");

Note that a script-src of 'self' alone also blocks inline scripts, which WordPress core, the admin dashboard and many plugins rely on; test the policy (for example with Content-Security-Policy-Report-Only first) before enforcing it on a production site. The functions.php call must run before any output is sent.

🧯 If You Can't Patch

  • Disable Uncanny Automator Pro plugin until patched
  • Implement web application firewall (WAF) rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Uncanny Automator Pro version. If version is 5.3 or lower, it's vulnerable.

Check Version:

WP-CLI: wp plugin list --name=uncanny-automator-pro --field=version
Or check the WordPress admin plugins page.

Verify Fix Applied:

Confirm plugin version is 5.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET/POST requests with script tags or JavaScript in parameters
  • Multiple 400/500 errors from plugin endpoints

Network Indicators:

  • HTTP requests containing <script>, javascript:, or encoded XSS payloads in query strings

SIEM Query:

source="web_logs" AND (uri="*uncanny-automator*" OR uri="*automator*") AND (query="*<script>*" OR query="*javascript:*" OR query="*onerror=*" OR query="*onload=*")
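The same detection logic as the SIEM query above, applied offline to web server access logs, as an added example that is not part of the original advisory. It assumes Apache/Nginx "combined" log format; the sample lines are constructed, and it URL-decodes the query string repeatedly so that double-encoded payloads (the "encoded XSS payloads" noted under Network Indicators) are not missed.

```python
import re
from urllib.parse import unquote, urlsplit

# Indicators mirrored from the advisory's SIEM query, matched after URL-decoding.
XSS_INDICATORS = ("<script", "javascript:", "onerror=", "onload=")
# URI filter mirrored from the advisory's SIEM query ("*automator*" covers both patterns).
URI_FILTER = re.compile(r"automator", re.IGNORECASE)

# Apache/Nginx "combined" format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%253C -> %3C -> <) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_hits(log_lines):
    """Return (ip, method, path, matched_indicators) for requests touching an
    automator endpoint whose decoded query string contains an XSS indicator."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parts = urlsplit(m.group("target"))
        if not (URI_FILTER.search(parts.path) or URI_FILTER.search(parts.query)):
            continue  # not a request to the plugin's pages/endpoints
        decoded_query = decode_fully(parts.query).lower()
        matched = [ind for ind in XSS_INDICATORS if ind in decoded_query]
        if matched:
            hits.append((m.group("ip"), m.group("method"), parts.path, matched))
    return hits


# Constructed sample lines (not from any real system): benign, plain-encoded, double-encoded, off-target.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-admin/admin.php?page=uncanny-automator-pro HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-admin/admin.php?page=uncanny-automator-pro&tab=%3Cscript%3Etest%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jun/2024:12:00:03 +0000] "GET /wp-admin/admin.php?page=uncanny-automator&x=%2522%2520onerror%253Dtest HTTP/1.1" 200 5120',
    '192.0.2.9 - - [10/Jun/2024:12:00:04 +0000] "GET /?s=%3Cscript%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_xss_hits(SAMPLE_LOG):
        print(hit)
```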
