CVE-2024-45455
📋 TL;DR
This stored XSS vulnerability in the WP Meta SEO WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when other users view those pages. All WordPress sites using WP Meta SEO versions up to 4.5.13 are affected. Attackers can steal session cookies, redirect users, or perform actions on behalf of authenticated users.
💻 Affected Systems
- WordPress WP Meta SEO plugin
📦 What is this software?
WP Meta SEO by JoomUnited
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, install backdoors, deface the site, or use the compromised site to attack visitors.
Likely Case
Attackers steal user session cookies to hijack accounts, redirect users to malicious sites, or display phishing content to visitors.
If Mitigated
With proper input validation and output escaping, the malicious scripts would be neutralized before reaching users.
🎯 Exploit Status
Exploitation requires contributor-level access or higher to inject malicious scripts, but once stored, the payload executes for all users viewing the affected page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.5.14 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/wp-meta-seo/wordpress-wp-meta-seo-plugin-4-5-13-cross-site-scripting-xss-vulnerability-2?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Meta SEO and click 'Update Now' if available.
4. If an automatic update isn't available, download version 4.5.14+ from WordPress.org and update manually.
🔧 Temporary Workarounds
Disable WP Meta SEO plugin
Applies to: all. Temporarily disable the vulnerable plugin until patched
wp plugin deactivate wp-meta-seo
Implement Content Security Policy
Applies to: all. Add CSP headers to restrict script execution sources
Add to .htaccess (Apache with mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";
Note: a policy without 'unsafe-inline' also blocks the inline scripts that many WordPress themes and plugins rely on, so test it on a staging copy first. CSP limits what an injected script can do; it does not remove the stored payload or the vulnerability.
🧯 If You Can't Patch
- Restrict user roles that can edit content to trusted administrators only
- Implement web application firewall rules to block XSS payload patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WP Meta SEO version. If version is 4.5.13 or lower, you are vulnerable.
Check Version:
wp plugin get wp-meta-seo --field=version
Verify Fix Applied:
After updating, verify WP Meta SEO version shows 4.5.14 or higher in WordPress admin panel.
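The version check above can be scripted so it runs across many sites. The following is an added example, not code from the advisory or from the plugin: it parses the output of `wp plugin get wp-meta-seo --field=version` and compares it against the patched release 4.5.14, treating pre-release builds of 4.5.14 (e.g. "4.5.14-beta1") as still vulnerable. The `installed_version` helper assumes wp-cli is on PATH; the comparison functions need nothing else.

```python
"""Decide whether an installed WP Meta SEO build predates the 4.5.14 fix.

Added example for this advisory; not part of the plugin or the vendor's tooling.
"""
import re
import subprocess

PATCHED_VERSION = "4.5.14"   # first fixed release named in the advisory
PLUGIN_SLUG = "wp-meta-seo"

# digits separated by dots, optionally followed by a pre-release tag
_VERSION_RE = re.compile(r"\s*(\d+(?:\.\d+)*)(?:[-+~.]?([A-Za-z][\w.]*))?\s*")


def parse_version(version: str):
    """Split '4.5.13', '4.5.13.1' or '4.5.14-beta1' into (numbers, suffix)."""
    match = _VERSION_RE.fullmatch(version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = [int(part) for part in match.group(1).split(".")]
    return numbers, match.group(2)


def is_vulnerable(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """True when `installed` sorts below `patched`.

    Numeric components are compared position by position after padding with
    zeros (so 4.5.14 == 4.5.14.0). When the numbers are equal, a pre-release
    suffix on the installed build means it predates the final fixed release.
    """
    inst_nums, inst_suffix = parse_version(installed)
    fix_nums, fix_suffix = parse_version(patched)
    width = max(len(inst_nums), len(fix_nums))
    inst_nums += [0] * (width - len(inst_nums))
    fix_nums += [0] * (width - len(fix_nums))
    if inst_nums != fix_nums:
        return inst_nums < fix_nums
    return inst_suffix is not None and fix_suffix is None


def installed_version(wp_path: str = ".") -> str:
    """Ask wp-cli for the installed plugin version (requires wp-cli on PATH)."""
    result = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version", f"--path={wp_path}"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


if __name__ == "__main__":
    version = installed_version()
    state = "VULNERABLE (update to 4.5.14+)" if is_vulnerable(version) else "patched"
    print(f"{PLUGIN_SLUG} {version}: {state}")
```

Run it from the WordPress root (or pass the site path to `installed_version`); a non-zero exit from wp-cli, for instance when the plugin is not installed, surfaces as a `CalledProcessError` rather than a false "patched" result.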
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to admin-ajax.php or plugin endpoints
- Suspicious script tags in database content fields
- Multiple failed login attempts followed by successful contributor/admin login
Network Indicators:
- Outbound connections to suspicious domains from your WordPress server
- Unexpected redirects from your WordPress pages
SIEM Query:
source="wordpress.log" AND ("wp-meta-seo" OR "admin-ajax") AND ("script" OR "onerror" OR "javascript:")
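The SIEM query above can be reproduced outside the SIEM for triage of raw access logs, and the "suspicious script tags in database content fields" indicator needs a separate content check. The block below is an added example, not part of the advisory or the plugin: it parses combined-format web-server log lines, URL-decodes the request so encoded payloads are not missed, applies the same two conditions as the query (a plugin or admin-ajax request combined with a script indicator), and offers a small check for stored content. The log lines, IP addresses and `action=` values are constructed placeholders, not real plugin endpoints.

```python
"""Apply the advisory's SIEM query logic to access-log lines and stored content.

Added example for this advisory; sample data below is constructed.
"""
import re
from urllib.parse import unquote_plus

# Terms from the advisory's SIEM query
PLUGIN_TERMS = ("wp-meta-seo", "admin-ajax")
SCRIPT_TERMS = ("script", "onerror", "javascript:")

# Apache/nginx combined log format:
# ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Content check for the "script tags in database content fields" indicator:
# a script element, an inline event-handler attribute, or a javascript: URL.
CONTENT_RE = re.compile(r"<\s*script\b|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)

# Constructed sample log; action names are placeholders, not plugin endpoints.
SAMPLE_LOG = [
    # benign: ordinary admin-ajax traffic with no script indicator
    '203.0.113.5 - - [10/Oct/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 512 "https://example.test/wp-admin/" "Mozilla/5.0"',
    # suspicious: URL-encoded script tag sent to admin-ajax
    '198.51.100.7 - - [10/Oct/2024:12:00:09 +0000] "POST /wp-admin/admin-ajax.php?action=placeholder_save&title=%3Cscript%3E HTTP/1.1" 200 88 "-" "curl/8.4.0"',
    # suspicious: onerror indicator on a request under the plugin path
    '198.51.100.7 - - [10/Oct/2024:12:01:30 +0000] "GET /wp-content/plugins/wp-meta-seo/?x=onerror%3D HTTP/1.1" 404 0 "-" "curl/8.4.0"',
    # benign: a JavaScript asset unrelated to the plugin
    '203.0.113.5 - - [10/Oct/2024:12:02:00 +0000] "GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1" 200 90000 "-" "Mozilla/5.0"',
]


def parse_line(line: str):
    """Return the log fields as a dict, or None for lines that do not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def is_suspicious(entry: dict) -> bool:
    """True when the decoded request satisfies both halves of the SIEM query."""
    decoded = unquote_plus(entry["path"]).lower()
    touches_plugin = any(term in decoded for term in PLUGIN_TERMS)
    has_script_term = any(term in decoded for term in SCRIPT_TERMS)
    return touches_plugin and has_script_term


def find_hits(lines):
    """Parse every line and keep the entries the query would flag."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits.append(entry)
    return hits


def content_has_script(field_value: str) -> bool:
    """Flag a stored content field (post body, meta description) for review."""
    return CONTENT_RE.search(field_value) is not None


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['method']} {hit['path']} -> {hit['status']}")
```

Two limits worth keeping in mind: access logs carry the query string but not POST bodies, so a payload submitted in a form body will only show up through the content check or database inspection, and the bare term "script" also matches words such as "description", so the log hits are a triage list to review, not an alert on their own.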