CVE-2024-43225
📋 TL;DR
This stored XSS vulnerability in the Enter Addons WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when other users view those pages. All WordPress sites using Enter Addons versions up to 2.1.7 are affected. Attackers can steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- ThemeLooks Enter Addons WordPress Plugin
📦 What is this software?
Enter Addons by Themelooks
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to WordPress sites, install backdoors, steal sensitive data, deface websites, or use compromised sites for further attacks.
Likely Case
Attackers steal user session cookies to hijack accounts, inject malicious redirects to phishing sites, or display fraudulent content to visitors.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before reaching users, preventing successful exploitation.
🎯 Exploit Status
XSS vulnerabilities are commonly exploited, and WordPress plugins are frequent targets. The vulnerability requires attacker access to input fields but is straightforward to exploit once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.8 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/enteraddons/wordpress-enter-addons-plugin-2-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Enter Addons' and click 'Update Now'.
4. Verify the version is 2.1.8 or higher after the update.
🔧 Temporary Workarounds
Disable Enter Addons Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate enteraddons
Implement Content Security Policy
Add CSP headers to restrict script execution sources
Add to .htaccess (requires mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to wp-config.php: header("Content-Security-Policy: default-src 'self'; script-src 'self'");
Note that this strict policy also blocks inline scripts, which WordPress core, themes and many plugins rely on, so test it on a staging site first. CSP limits what an injected script can do; it does not remove the stored payload, so it is a stopgap until the plugin is updated.
🧯 If You Can't Patch
- Remove or disable the Enter Addons plugin completely
- Implement web application firewall (WAF) rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Enter Addons version. If version is 2.1.7 or lower, you are vulnerable.
Check Version:
wp plugin get enteraddons --field=version
Verify Fix Applied:
After updating, verify Enter Addons version shows 2.1.8 or higher in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress admin-ajax.php with script tags
- Multiple failed login attempts followed by plugin modification requests
- User agents containing script injection patterns
Network Indicators:
- Outbound connections to suspicious domains from WordPress server
- Unexpected iframe or script tags in HTTP responses
SIEM Query:
source="wordpress.log" AND ("enteraddons" OR "admin-ajax.php") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
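The SIEM query above implemented over a few constructed access-log lines, as an added example that is not part of the original advisory. It URL-decodes each line before matching, because payloads usually arrive percent-encoded and a raw string match for `<script>` would miss `%3Cscript%3E`; the log lines, IPs and `enteraddons_save` action name are made up for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in a common access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:01 +0000] "GET /wp-content/plugins/enteraddons/assets/css/style.css HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=enteraddons_save&title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 40
203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 30
203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "GET /?s=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 900
"""

# The same two clauses as the SIEM query: a plugin/endpoint indicator AND a script indicator.
ENDPOINT_RE = re.compile(r"enteraddons|admin-ajax\.php", re.IGNORECASE)
SCRIPT_RE = re.compile(r"<script>|javascript:|onerror=|onload=", re.IGNORECASE)


def matches_siem_query(line: str) -> bool:
    """True when the line satisfies the advisory's query after URL-decoding.

    Decoding is the key step: '%3Cscript%3E' only becomes '<script>' after it.
    """
    decoded = unquote_plus(line)
    return bool(ENDPOINT_RE.search(decoded) and SCRIPT_RE.search(decoded))


def scan(log_text: str) -> list[str]:
    """Return the log lines that match the query."""
    return [line for line in log_text.splitlines() if matches_siem_query(line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("HIT:", hit)
```

The last sample line carries an `onerror=` payload but is not reported, because the query's first clause requires a plugin or admin-ajax.php indicator; widen that clause if you want to catch XSS attempts against other endpoints as well.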