CVE-2024-5200
📋 TL;DR
This vulnerability in the Postie WordPress plugin allows administrators to inject malicious scripts into plugin settings, which then execute when other users view those settings pages. It affects WordPress sites using Postie plugin versions before 1.9.71, particularly in multisite configurations where unfiltered_html capability is restricted.
💻 Affected Systems
- Postie WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Administrator account compromise leading to site takeover, data theft, or malware distribution to visitors.
Likely Case
Privileged user (admin) could inject malicious scripts affecting other administrators or users viewing plugin settings.
If Mitigated
Limited to authenticated administrators only, with minimal impact if proper user access controls are enforced.
🎯 Exploit Status
Requires administrative access to WordPress, making exploitation less likely but still dangerous if admin credentials are compromised.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.9.71
Vendor Advisory: https://wpscan.com/vulnerability/4a517cf0-886a-47f1-a433-54a2288b2851/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Postie plugin. 4. Click 'Update Now' if update available. 5. Alternatively, download version 1.9.71+ from WordPress repository and manually update.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
allDisable the Postie plugin until patched to prevent exploitation.
wp plugin deactivate postie
🧯 If You Can't Patch
- Restrict administrative access to only trusted users with strong passwords and 2FA
- Implement web application firewall (WAF) rules to block XSS payloads in POST requests to admin-ajax.php
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Postie version number.Check Version:
wp plugin get postie --field=versionVerify Fix Applied:
Verify Postie plugin version is 1.9.71 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with script tags in parameters
- Multiple failed login attempts to admin accounts
Network Indicators:
- HTTP POST requests containing JavaScript payloads to WordPress admin endpoints
SIEM Query:
source="wordpress.log" AND ("admin-ajax.php" OR "postie") AND ("<script>" OR "javascript:" OR "onerror=")