CVE-2024-4455

7.2 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the YITH WooCommerce Ajax Search plugin. When users visit pages containing the injected scripts, their browsers execute the attacker's code, potentially leading to session hijacking, data theft, or site defacement. All WordPress sites running vulnerable plugin versions are affected.

💻 Affected Systems

Products:
  • YITH WooCommerce Ajax Search
Versions: Up to and including 2.4.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with the vulnerable plugin are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, compromise user accounts, redirect visitors to malicious sites, or install backdoors for persistent access.

🟠

Likely Case

Attackers inject malicious scripts to steal user session cookies, display fraudulent content, or redirect users to phishing pages.

🟢

If Mitigated

With proper web application firewalls and input validation, exploitation attempts would be blocked, limiting impact to failed attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and exploitation is straightforward via crafted HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.1

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3091321

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find YITH WooCommerce Ajax Search.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.4.1+ from the WordPress repository and manually update.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable the vulnerable plugin until patched

wp plugin deactivate yith-woocommerce-ajax-search

Web Application Firewall Rule

all

Block requests containing malicious script patterns in the 'item' parameter

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to limit script execution
  • Deploy a web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins

Check Version:

wp plugin get yith-woocommerce-ajax-search --field=version

Verify Fix Applied:

Confirm plugin version is 2.4.1 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST/GET requests to admin-ajax.php with 'item' parameter containing script tags
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests with JavaScript payloads in URL parameters
  • Unusual traffic patterns to search functionality

SIEM Query:

source="web_logs" AND ("item=" AND ("<script" OR "javascript:" OR "onerror="))
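The SIEM query above only covers tooling that already indexes the logs. As an added example (not part of this advisory, and not code from the plugin vendor), the script below applies the same log indicators to raw web server access logs in combined format: it isolates requests to admin-ajax.php, URL-decodes the 'item' parameter (twice, so double-encoded payloads are not missed), and flags the same markers the SIEM query uses. The log lines are constructed for illustration; the client IPs, timestamps and request strings are not from any real incident.

```python
from __future__ import annotations
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
# Line 2 carries a URL-encoded <script> tag, line 3 a double-encoded onerror=
# handler, line 4 hits a different endpoint, line 5 is a POST whose body is
# not present in an access log.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?item=blue+shoes HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2024:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?item=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.8 - - [10/May/2024:12:00:03 +0000] "GET /wp-admin/admin-ajax.php?item=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.6 - - [10/May/2024:12:00:04 +0000] "GET /?s=javascript%3Aalert(1) HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Markers taken from the advisory's SIEM query; compared case-insensitively.
XSS_MARKERS = ("<script", "javascript:", "onerror=")

# Combined log format: client ip, identd, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(value: str) -> str:
    """parse_qs already decoded once; decode again to unwrap double-encoding, then lower-case."""
    return unquote(value).lower()


def inspect_request(target: str) -> list[str]:
    """Return the XSS markers found in the 'item' parameter of an admin-ajax.php request.

    Requests to other paths, or without an 'item' parameter, return an empty list.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/admin-ajax.php"):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    hits: set[str] = set()
    for raw in params.get("item", []):
        decoded = normalize(raw)
        hits.update(m for m in XSS_MARKERS if m in decoded)
    return sorted(hits)


def scan_log(text: str) -> list[dict]:
    """Parse each access-log line and collect requests whose 'item' value carries an XSS marker."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        markers = inspect_request(m["target"])
        if markers:
            findings.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "method": m["method"],
                "markers": markers,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} item markers={f['markers']}")
```

Two caveats the sample lines make visible: the access log records only the query string, so a payload sent in a POST body (line 5) is invisible here and needs WAF or application-level logging, and a payload aimed at a different endpoint (line 4) is deliberately out of scope because the indicator on this page is specific to admin-ajax.php and the 'item' parameter.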

🔗 References
