CVE-2024-50437
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in the GeoDirectory WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when other users view those pages. All WordPress sites using GeoDirectory versions up to 2.3.80 are affected. The vulnerability occurs due to improper input sanitization during web page generation.
💻 Affected Systems
- WordPress GeoDirectory Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, perform actions as authenticated users, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.
Likely Case
Attackers inject malicious JavaScript that steals user session cookies or credentials when users visit compromised pages, leading to account takeover.
If Mitigated
With proper input validation and output encoding, malicious scripts would be neutralized before execution, preventing successful exploitation.
🎯 Exploit Status
Stored XSS vulnerabilities are commonly exploited and weaponization is likely given the widespread use of WordPress plugins.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.81 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/geodirectory/wordpress-geodirectory-plugin-2-3-80-cross-site-scripting-xss-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find GeoDirectory and click 'Update Now'.
4. Verify the update to version 2.3.81 or later.
🔧 Temporary Workarounds
Input Sanitization Filter
Add custom input sanitization filters for GeoDirectory fields: register WordPress filter hooks that sanitize GeoDirectory input before it is processed and stored.
Content Security Policy
Implement a strict Content Security Policy header to prevent injected scripts from executing, set in .htaccess or the web server config:
Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Note that without 'unsafe-inline' this policy also blocks the site's own inline scripts, so test it on a staging copy before deploying.
🧯 If You Can't Patch
- Disable GeoDirectory plugin until patched
- Implement web application firewall (WAF) rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for GeoDirectory version
Check Version (if WP-CLI is installed):
wp plugin list --name=geodirectory --field=version
Verify Fix Applied:
Verify GeoDirectory version is 2.3.81 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to GeoDirectory endpoints with script tags
- Multiple failed XSS attempts in web server logs
Network Indicators:
- HTTP requests containing script injection patterns to GeoDirectory URLs
SIEM Query:
source="web_server" AND (uri="*geodirectory*" AND (body="*<script>*" OR body="*javascript:*"))
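The SIEM query above matches literal "<script>" and "javascript:" strings, which misses URL-encoded, double-encoded or mixed-case payloads. The following added example (not part of the advisory) applies the same logic to constructed request log lines after repeated URL-decoding, and generalises the page's two patterns with a third check for inline event handlers; the paths and parameter names are placeholders, not real GeoDirectory endpoints.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines, one request per line: "<method> <uri> <body>".
# Paths and parameter names are placeholders, not real GeoDirectory endpoints.
SAMPLE_LOG = """\
POST /geodirectory/add-listing/ title=Cafe&desc=Nice+place+near+the+station
POST /geodirectory/add-listing/ desc=%3Cscript%3Ealert(1)%3C%2Fscript%3E
GET /geodirectory/listing/?q=%3CSCRIPT%20src%3D%2F%2Fexample.test%2Fx.js%3E -
POST /geodirectory/add-listing/ website=JavaScript%3Aalert(1)
POST /wp-login.php log=admin&pwd=%3Cscript%3E
POST /geodirectory/add-listing/ desc=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E
POST /geodirectory/add-listing/ desc=%253Cscript%253E
"""

# The advisory's two indicators plus an inline-event-handler check (added here).
SCRIPT_PATTERNS = {
    "script_tag": re.compile(r"<\s*script", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"<[^>]*\bon\w+\s*=", re.I),
}

def fully_decode(value, max_rounds=5):
    """URL-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_indicators(*fields):
    """Return the sorted names of patterns found in any decoded field."""
    found = set()
    for field in fields:
        decoded = fully_decode(field)
        found.update(name for name, rx in SCRIPT_PATTERNS.items() if rx.search(decoded))
    return sorted(found)

def scan_log(log_text):
    """Yield (line number, method, indicators) for GeoDirectory requests with script patterns."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue  # malformed line: skip rather than crash the scan
        method, uri, body = parts
        if "geodirectory" not in uri.lower():  # scope to GeoDirectory URLs, as in the SIEM query
            continue
        indicators = find_indicators(uri, body)
        if indicators:
            hits.append((lineno, method, indicators))
    return hits
```

The event-handler pattern is broader than the page's two and can flag legitimate HTML in listing descriptions, so treat its hits as lower confidence.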