CVE-2024-37495 – This stored XSS vulnerability in the Mediavine ... (How to Fix)

Q: What is the severity of CVE-2024-37495?

CVE-2024-37495 has a CVSS score of 6.5 (MEDIUM). This stored XSS vulnerability in the Mediavine Create WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when other users view those pages. It affects all WordPress sites using the Mediavine Create plugin versions up to 1.9.7. Attackers could steal session cookies, redirect users, or perform actions on their behalf.

📋 TL;DR

This stored XSS vulnerability in the Mediavine Create WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when other users view those pages. It affects all WordPress sites using the Mediavine Create plugin versions up to 1.9.7. Attackers could steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:

WordPress Create by Mediavine plugin

Versions: n/a through 1.9.7

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all WordPress installations using vulnerable versions of the plugin regardless of configuration.

📦 What is this software?

Create by Mediavine

View all CVEs affecting Create →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, take over the WordPress site, install backdoors, deface the website, or use the compromised site to attack visitors.

🟠

Likely Case

Attackers inject malicious JavaScript to steal user session cookies, redirect users to phishing sites, or perform actions as authenticated users.

🟢

If Mitigated

With proper input validation and output encoding, the malicious scripts would be neutralized and rendered harmless.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

XSS vulnerabilities are commonly exploited and weaponized. While no public PoC is mentioned, stored XSS is relatively easy to exploit once the injection point is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.8 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/mediavine-create/wordpress-create-by-mediavine-plugin-1-9-7-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Create by Mediavine' and click 'Update Now'. 4. Alternatively, download version 1.9.8+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable plugin temporarily

all

Deactivate the vulnerable plugin until patched

wp plugin deactivate mediavine-create

Implement WAF rules

all

Add XSS protection rules to web application firewall

🧯 If You Can't Patch

Implement Content Security Policy (CSP) headers to restrict script execution
Enable WordPress security plugins with XSS protection features

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'Create by Mediavine' version

Check Version:

wp plugin get mediavine-create --field=version

Verify Fix Applied:

Verify plugin version is 1.9.8 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to plugin endpoints
Suspicious JavaScript in database content fields

Network Indicators:

Malicious script tags in HTTP requests to WordPress admin
Unexpected redirects from plugin pages

SIEM Query:

source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "mediavine") AND (http_method="POST" AND (request_body CONTAINS "<script>" OR request_body CONTAINS "javascript:"))

📊 Metadata

CVE ID: CVE-2024-37495

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

Published: July 21, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-37495, you might also want to check these: