CVE-2024-5032

4.7 MEDIUM

📋 TL;DR

The SULly WordPress plugin before version 4.3.1 reflects an unsanitized request parameter back into the page without escaping it, a reflected cross-site scripting (XSS) vulnerability. An attacker who gets a logged-in administrator or other high-privilege user to open a crafted link can run JavaScript in that user's browser with that user's session. This affects WordPress sites running a vulnerable version of the SULly plugin.

💻 Affected Systems

Products:
  • SULly WordPress Plugin
Versions: All versions before 4.3.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with SULly plugin enabled. Vulnerability is in plugin code, not core WordPress.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator account compromise leading to full site takeover, data theft, or malware distribution to visitors.

🟠

Likely Case

Session hijacking of admin accounts, privilege escalation, or defacement of the WordPress site.

🟢

If Mitigated

Limited impact if a strict Content Security Policy prevents the injected inline script from executing. Built-in browser XSS filters should not be counted on: Chrome removed its XSS Auditor in 2019 and Firefox never shipped one.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS needs no authentication to craft the payload, but it only pays off when a privileged user who is already logged in opens the crafted link, so user interaction is required; the injected script then runs with that user's session.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.1

Vendor Advisory: https://wpscan.com/vulnerability/4bb92693-23b3-4250-baee-af38b7e615e0/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the SULly plugin and click "Update Now".
4. Verify that the version shown is 4.3.1 or higher.

🔧 Temporary Workarounds

Disable SULly Plugin

Platform: all

Temporarily deactivate the vulnerable plugin until patching is possible. The slug `sully` is assumed here; confirm the plugin's real directory name under wp-content/plugins/ before running the command.

wp plugin deactivate sully

Implement Content Security Policy

Platform: all

Add CSP headers to block inline script execution and so limit what an injected payload can do. Note that the WordPress admin interface depends heavily on inline scripts, so a policy of `script-src 'self'` with no `'unsafe-inline'` or nonces will break the dashboard; roll it out first as Content-Security-Policy-Report-Only, review the reports, and only then enforce. The .htaccess directive requires mod_headers.

Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or use WordPress security plugins to configure CSP

🧯 If You Can't Patch

  • Restrict admin panel access to trusted IP addresses only using firewall rules or .htaccess restrictions.
  • Educate administrators to never click untrusted links while logged into WordPress admin.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for SULly version. If version is below 4.3.1, system is vulnerable.

Check Version:

wp plugin list --name=sully --field=version

Verify Fix Applied:

Confirm SULly plugin version is 4.3.1 or higher in WordPress admin panel.
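The WP-CLI check above needs a working WordPress install. The following is an added example (not code from the advisory or from the SULly plugin) that performs the same version check offline, for instance against a backup or a fleet snapshot: it reads the standard WordPress plugin header (`Version: x.y.z`) from the plugin's main PHP file and compares it numerically with the fixed release, which matters because a plain string comparison would rank 4.10.0 below 4.3.1. The plugin directory name, the file path and the sample header are assumptions constructed for the example.

```python
"""Offline version check for CVE-2024-5032 (SULly WordPress plugin < 4.3.1).

Added example; not code from the advisory or from the SULly plugin.
Reads the standard WordPress plugin header ("Version: x.y.z") and compares
it numerically against the fixed version. The plugin directory "sully" and
the sample header are assumptions/constructed input.
"""
import re
from typing import Optional

FIXED_VERSION = "4.3.1"  # first non-vulnerable release per the advisory

# Matches "Version: 1.2.3" inside a PHP doc-comment header (leading " * " optional).
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

# Constructed sample: the header of a hypothetical vulnerable install.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: SULly
 * Description: example header, constructed for this check
 * Version: 4.2.0
 * Author: example
 */
"""


def parse_version(version: str) -> tuple:
    """Convert '4.3.1' into (4, 3, 1) so comparison is numeric, not lexical.

    A plain string compare would rank '4.10.0' below '4.3.1'. Missing
    components count as 0 ('4.3' -> (4, 3, 0)); pre-release suffixes such
    as '4.3.1-beta' are ignored, i.e. treated as the base version.
    """
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """All releases before 4.3.1 are affected."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def version_from_header(source: str) -> Optional[str]:
    """Extract the declared version from a plugin's main-file header."""
    m = HEADER_RE.search(source)
    return m.group(1) if m else None


def check_plugin_source(source: str) -> dict:
    """Report the declared version and whether it is below the fixed release.

    'vulnerable' is None when no Version header could be found.
    """
    version = version_from_header(source)
    return {
        "version": version,
        "vulnerable": is_vulnerable(version) if version else None,
    }


def check_plugin_file(path: str) -> dict:
    """Same check against a file on disk, e.g. wp-content/plugins/sully/sully.php (path assumed)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return check_plugin_source(fh.read())


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_plugin_file(sys.argv[1]))
    else:
        print(check_plugin_source(SAMPLE_HEADER))
```

Run it with the path to the plugin's main PHP file as the only argument; with no argument it checks the constructed sample header. A result of `{'version': None, 'vulnerable': None}` means the header was not found and the file is probably not the plugin's main file.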

📡 Detection & Monitoring

Log Indicators:

  • GET/POST requests to WordPress admin URLs (or to front-end pages rendered by the plugin) whose query parameters contain script tags, javascript: URIs or event-handler attributes; these arrive URL-encoded (%3Cscript%3E) and sometimes double-encoded, so match on the decoded value.
  • An administrator's session being used from a new IP address or User-Agent shortly after that administrator requested such a URL, which is what a cookie or session hijack looks like in the logs. Failed logins on their own are not an indicator: the crafted link works without the attacker ever attempting to log in.

Network Indicators:

  • HTTP requests carrying <script> tags, javascript: URIs or on*= handlers in query parameters to WordPress admin pages; inspect the URL-decoded value, since on the wire these appear as %3C, %3E, %3A and similar.

SIEM Query:

source="wordpress.log" AND (uri="*admin*" OR uri="*wp-admin*") AND (param="*<script>*" OR param="*%3Cscript%3E*" OR param="*javascript:*" OR param="*javascript%3A*")

The query is pseudo-syntax: map the field names (source, uri, param) to your SIEM's schema. Because most platforms index the raw URI rather than a decoded parameter, the URL-encoded variants are listed alongside the literal ones; double-encoded payloads (%253C) still need a decoding step before matching.
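To make the log indicators above concrete, here is an added example (not from the advisory) that scans combined-format access logs for reflected-XSS probes. The query parameters are URL-decoded repeatedly before matching, so a double-encoded `%253Cimg` is caught as well as a plain `%3Cscript%3E`, and hits against /wp-admin/ are ranked higher because that is where a logged-in administrator would be reflected. The log lines are constructed for the example; the endpoint, parameter name and client addresses in them are not taken from the advisory, which does not state which SULly parameter is affected.

```python
"""Scan web-server access logs for reflected-XSS probes against a WordPress site.

Added example; not from the original advisory. Query parameters are
URL-decoded (repeatedly, to catch double encoding) before matching, because
a payload such as <script> arrives as %3Cscript%3E and a raw grep misses it.
The sample log lines, endpoint and parameter name are constructed; the
advisory does not name the affected SULly parameter.
"""
import re
from typing import Dict, Iterable, List, Tuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Combined log format: ip ident user [ts] "METHOD uri PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Heuristics applied to the decoded value. Kept narrow to avoid flagging
# normal WordPress traffic (only query strings are in the access log).
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon(error|load|mouseover|focus|click)\s*=", re.I),
    re.compile(r"<\s*(img|svg|iframe|body|details)\b", re.I),
]

# Constructed sample lines (RFC 5737 documentation addresses, hypothetical endpoint).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-admin/admin.php?page=example&q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Jun/2024:12:00:05 +0000] "GET /wp-admin/admin.php?page=example&q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5120',
    '198.51.100.2 - - [10/Jun/2024:12:01:00 +0000] "GET /wp-admin/edit.php?post_type=page HTTP/1.1" 200 8000',
    '198.51.100.9 - - [10/Jun/2024:12:02:00 +0000] "GET /?s=javascript%3Aalert(1) HTTP/1.1" 200 3000',
]


def decode_fully(value: str, rounds: int = 3) -> str:
    """URL-decode until the value stops changing (bounded), so %253C -> %3C -> '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(uri: str) -> List[Tuple[str, str]]:
    """Return (name, decoded_value) for every query parameter matching an XSS pattern."""
    query = urlsplit(uri).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):  # decodes one layer
        decoded = decode_fully(value)
        if any(p.search(decoded) for p in XSS_PATTERNS):
            hits.append((name, decoded))
    return hits


def scan_log(lines: Iterable[str]) -> List[Dict]:
    """Parse each line and report requests whose query parameters look like XSS."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; a real pipeline should count these
        uri = m.group("uri")
        hits = suspicious_params(uri)
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "uri": uri,
                "wp_admin": uri.startswith("/wp-admin/"),
                "params": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        level = "HIGH" if f["wp_admin"] else "MEDIUM"
        print(f"[{level}] {f['ts']} {f['ip']} {f['uri']} -> {f['params']}")
```

Feed real logs with `scan_log(open("/var/log/apache2/access.log"))` (path assumed). The third sample line, a normal admin request, produces no finding; the fourth is a front-end search parameter and is still reported, since a plugin can reflect on public pages too, just at lower priority than a /wp-admin/ hit.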

🔗 References

  • WPScan advisory: https://wpscan.com/vulnerability/4bb92693-23b3-4250-baee-af38b7e615e0/