CVE-2024-5002

4.8 MEDIUM

📋 TL;DR

This vulnerability in the User Submitted Posts WordPress plugin allows administrators to inject malicious scripts into plugin settings, which then execute when other users view those settings. It affects WordPress sites using vulnerable versions of this plugin, particularly in multisite configurations where unfiltered_html capability is restricted. Attackers with admin privileges can perform stored cross-site scripting attacks.

💻 Affected Systems

Products:
  • User Submitted Posts WordPress plugin
Versions: All versions before 20240516
Operating Systems: All platforms running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin-level privileges to exploit. Particularly relevant in WordPress multisite installations where unfiltered_html capability is disallowed by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with compromised admin credentials could inject persistent malicious scripts that steal session cookies, redirect users to phishing sites, or perform actions on behalf of authenticated users across the entire WordPress site.

🟠 Likely Case

A malicious administrator or a compromised admin account injects JavaScript payloads that execute in victims' browsers when they access plugin settings pages, potentially leading to session hijacking or credential theft.

🟢 If Mitigated

With proper access controls and admin account security, impact is limited to authorized administrators intentionally misusing their privileges.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin privileges. The attack involves injecting JavaScript into plugin settings fields that lack proper sanitization; the injected script is stored and runs in the browser of any user who later views those settings.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20240516

Vendor Advisory: https://wpscan.com/vulnerability/da09b99a-fa40-428f-80b4-0af764fd2f4f/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'User Submitted Posts' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 20240516 or later from the WordPress repository and update manually.

🔧 Temporary Workarounds

Temporary plugin deactivation

Platforms: all

Disable the vulnerable plugin until patched:

wp plugin deactivate user-submitted-posts

Restrict admin access

Platforms: all

Implement strict access controls and monitoring for admin accounts.

🧯 If You Can't Patch

  • Remove admin privileges from untrusted users and implement strict admin account security
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins → Installed Plugins. Look for 'User Submitted Posts' version number.

Check Version:

wp plugin get user-submitted-posts --field=version

Verify Fix Applied:

Confirm the plugin version is 20240516 or later. Test that script tags entered into plugin settings fields are sanitized (stored as escaped text rather than rendered as HTML) when the settings page is viewed by another user.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin activity modifying plugin settings
  • JavaScript payloads in plugin option updates

Network Indicators:

  • Unexpected external script loads from WordPress admin pages

SIEM Query:

source="wordpress" AND (event="plugin_settings_update" OR event="option_update") AND data CONTAINS "<script>"
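The SIEM query above is pseudo-syntax, so as an added illustration (not code from the page or from the plugin vendor) the same detection logic is shown below as a small Python filter run over constructed WordPress option-update records. The record fields (`source`, `event`, `user`, `option`, `data`) and the option name `plugin_settings` are assumptions chosen to mirror the query; adapt them to whatever your audit-logging plugin actually emits. It generalizes the query slightly by matching the opening `<script` tag case-insensitively, so `<SCRIPT>` variants are not missed.

```python
import re

# Constructed sample audit-log records (not taken from the page or any real site).
# Each is one WordPress settings/option update event, as a dict.
SAMPLE_EVENTS = [
    {"source": "wordpress", "event": "option_update", "user": "admin",
     "option": "plugin_settings", "data": "Submit your post below"},
    {"source": "wordpress", "event": "plugin_settings_update", "user": "admin",
     "option": "plugin_settings",
     "data": "Thanks! <script>/* constructed test payload */</script>"},
    {"source": "wordpress", "event": "option_update", "user": "editor",
     "option": "blogdescription", "data": "Just another site"},
    {"source": "wordpress", "event": "plugin_settings_update", "user": "admin",
     "option": "plugin_settings",
     "data": '<SCRIPT src="https://example.invalid/x.js"></SCRIPT>'},
    # Non-WordPress source: must not match even though the data contains the tag.
    {"source": "apache", "event": "request", "user": "-",
     "option": "", "data": "GET /?q=<script> HTTP/1.1"},
]

# Event types the SIEM query filters on.
SETTINGS_EVENTS = {"plugin_settings_update", "option_update"}

# Opening <script tag, case-insensitive, tolerating whitespace after '<'.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def is_suspicious(event: dict) -> bool:
    """True when a WordPress settings/option update carries a <script> tag."""
    return (
        event.get("source") == "wordpress"
        and event.get("event") in SETTINGS_EVENTS
        and SCRIPT_TAG.search(event.get("data", "")) is not None
    )


def find_suspicious(events: list) -> list:
    """Return the subset of events that should raise an alert."""
    return [e for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for e in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT user={e['user']} option={e['option']} event={e['event']}")
```

Matches on `<script` alone will miss event-handler attributes and other HTML injection forms; treat this as the baseline alert the query describes and widen the pattern once you have confirmed what legitimate settings values look like on your site.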
