CVE-2024-37487
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Directory Kit WordPress plugin. When users view these pages, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites running WP Directory Kit versions up to and including 1.3.5 are affected.
💻 Affected Systems
- WP Directory Kit WordPress Plugin
📦 What is this software?
WP Directory Kit by wpdirectorykit (WordPress plugin slug: wpdirectorykit)
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, take over WordPress sites, install backdoors, or redirect users to malicious sites.
Likely Case
Attackers steal user session cookies, perform actions as logged-in users, or deface website content.
If Mitigated
Script execution is blocked by browser security features or Content Security Policy headers, limiting impact to specific user sessions.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly exploited. Attackers need to trick users into clicking malicious links.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.6 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/wpdirectorykit/wordpress-wp-directory-kit-plugin-1-3-5-reflected-cross-site-scripting-xss-vulnerability
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Directory Kit.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 1.3.6+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the WP Directory Kit plugin until patched (requires WP-CLI):
wp plugin deactivate wpdirectorykit
Implement Content Security Policy
Add CSP headers to block inline script execution. Note that script-src 'self' also blocks the legitimate inline scripts that WordPress core, themes and other plugins emit, so test on a staging site first; the Apache directive requires mod_headers.
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) with XSS protection rules
- Restrict plugin access to trusted users only using WordPress role management
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WP Directory Kit version 1.3.5 or earlier
Check Version:
wp plugin get wpdirectorykit --field=version
Verify Fix Applied:
Verify WP Directory Kit version is 1.3.6 or later in WordPress admin panel
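The following is an added example, not part of the original advisory, that automates the version check above. It assumes WP-CLI is installed and that `wp plugin get wpdirectorykit --field=version` (the page's own command) prints the installed version; the subprocess wrapper and the `runner` injection are assumptions made so the comparison logic can also be exercised without WP-CLI present. The point it makes beyond the text is that versions must be compared numerically: a plain string comparison would judge "1.3.10" to be older than "1.3.6".

```python
"""Added example: decide whether an installed WP Directory Kit version is
inside the affected range (<= 1.3.5) or carries the fix (>= 1.3.6).
Assumes WP-CLI; the plugin slug and fixed version come from the advisory."""
import re
import subprocess
from typing import Callable, Dict, List, Optional, Tuple

PLUGIN_SLUG = "wpdirectorykit"   # from the advisory
FIXED_VERSION = "1.3.6"          # from the advisory


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.3.5', 'v1.3.10' or '1.3.5-beta2' into a tuple of ints.
    Pre-release suffixes are ignored (treated as the base version)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if the installed version predates the fix, i.e. is <= 1.3.5.
    Tuples are zero-padded to equal length so 1.3 == 1.3.0 and 1.3.10 > 1.3.6."""
    a, b = parse_version(version), parse_version(FIXED_VERSION)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def installed_version(runner: Optional[Callable[[List[str]], str]] = None) -> str:
    """Ask WP-CLI for the installed version (the advisory's own check).
    `runner` is injectable (assumption for testability); by default it
    executes the command and raises if WP-CLI is missing or errors."""
    cmd = ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version"]
    if runner is None:
        def runner(c: List[str]) -> str:
            return subprocess.run(c, capture_output=True, text=True, check=True).stdout
    return runner(cmd).strip()


def assess(runner: Optional[Callable[[List[str]], str]] = None) -> Dict[str, object]:
    """Return the installed version together with the affected/fixed verdict."""
    v = installed_version(runner)
    affected = is_affected(v)
    return {"version": v, "affected": affected, "fix_applied": not affected}


if __name__ == "__main__":
    try:
        print(assess())
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print(f"could not query WP-CLI: {exc}")
```

Run it from the WordPress root (where WP-CLI can find wp-config.php); a deactivated plugin still reports its version, so the check works while the Disable Plugin workaround is in place.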
📡 Detection & Monitoring
Log Indicators:
- Unusual GET/POST requests with script tags in parameters
- Multiple failed XSS attempts in web server logs
- Suspicious referrer URLs containing script payloads
Network Indicators:
- HTTP requests with JavaScript in query parameters
- Traffic patterns showing users clicking on malicious links
SIEM Query:
source="web_server_logs" AND ("<script>" OR "javascript:" OR "onload=" OR "onerror=") AND uri_path="*wpdirectorykit*"
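The following is an added example, not part of the original advisory, that applies the log indicators above to web-server access-log lines in the Apache/nginx "combined" format. The sample lines are constructed for illustration, and the request paths and parameter names in them are assumptions, not the plugin's real URLs. It goes beyond the SIEM query in two ways a practitioner needs: it percent-decodes the request target and referer (repeatedly, to catch double encoding) and matches case-insensitively before testing for the indicators, because reflected payloads arrive URL-encoded and a raw-string match would miss them; and it records whether the plugin slug appears as a flag rather than a hard filter, so hits on other paths are still reported.

```python
"""Added example: scan access-log lines for the advisory's XSS indicators
after URL-decoding. Sample lines are constructed; indicators and the plugin
slug come from the advisory."""
import re
from typing import Dict, Iterable, List, Optional, Tuple
from urllib.parse import unquote_plus

# Indicators listed in the advisory ("<script" without the closing bracket
# also catches "<script src=").
INDICATORS = ("<script", "javascript:", "onload=", "onerror=")
PLUGIN_HINT = "wpdirectorykit"  # slug from the advisory

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def fully_decode(s: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    double-encoded payloads such as %253Cscript%253E are seen as <script>."""
    for _ in range(max_rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s


def scan_line(line: str) -> Optional[Dict[str, object]]:
    """Return a finding for one log line, or None if it is clean or unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits: List[Tuple[str, str]] = []
    for field in ("target", "referer"):
        decoded = fully_decode(m[field]).lower()
        for indicator in INDICATORS:
            if indicator in decoded:
                hits.append((field, indicator))
    if not hits:
        return None
    decoded_all = (fully_decode(m["target"]) + " " + fully_decode(m["referer"])).lower()
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "target": m["target"],
        "hits": hits,
        "plugin_related": PLUGIN_HINT in decoded_all,
    }


def scan(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Scan many lines, keeping only the findings."""
    return [r for r in map(scan_line, lines) if r is not None]


# Constructed sample log (paths and parameters are illustrative assumptions).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jun/2024:14:02:11 +0000] "GET /listings/?page=wpdirectorykit&q=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2024:14:02:15 +0000] "GET /listings/?page=wpdirectorykit&q=%253Cscript%253E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jun/2024:14:03:01 +0000] "GET /listings/?page=wpdirectorykit&q=plumber%20near%20me HTTP/1.1" 200 4800 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jun/2024:14:03:40 +0000] "GET /contact/?img=x%20onerror%3Dx HTTP/1.1" 200 3100 "https://203.0.113.9/lure?x=javascript:1" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jun/2024:14:04:02 +0000] "GET /downloads/?payload=report.pdf HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        flag = "plugin" if finding["plugin_related"] else "other"
        print(f'{finding["ts"]} {finding["ip"]} [{flag}] {finding["hits"]} {finding["target"]}')
```

Feed it a real log with `scan(open("access.log"))`. Matching stays substring-based, as in the SIEM query, so variants with inserted whitespace or alternative event handlers are not covered; treat findings as triage leads, and pair them with the version check to decide whether an attempt could have succeeded.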
🔗 References
- https://patchstack.com/database/vulnerability/wpdirectorykit/wordpress-wp-directory-kit-plugin-1-3-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve