Login Sign Up

CVE-2024-5254

6.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into web pages using the Ultimate Addons for WPBakery plugin. The scripts execute whenever users visit the compromised pages, enabling cross-site scripting attacks. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • Ultimate Addons for WPBakery WordPress Plugin
Versions: All versions up to and including 3.19.20
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled. Contributor-level access or higher needed for exploitation.

📦 What is this software?

Ultimate Addons For Wpbakery Page Builder by Brainstormforce

View all CVEs affecting Ultimate Addons For Wpbakery Page Builder →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, redirect users to malicious sites, deface websites, or install backdoors for persistent access.

🟠

Likely Case

Attackers inject malicious scripts to steal user session cookies, redirect visitors to phishing pages, or display unwanted content.

🟢

If Mitigated

With proper user role management and input validation, impact is limited to low-privileged user account compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once attacker has contributor-level credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.19.21 or later

Vendor Advisory: https://ultimate.brainstormforce.com/changelog/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Ultimate Addons for WPBakery'. 4. Click 'Update Now' if available. 5. Alternatively, download latest version from WordPress repository and upload manually.

🔧 Temporary Workarounds

Remove Contributor Role Access

all

Temporarily restrict contributor-level users from creating or editing posts until patch is applied.

Use WordPress role management plugins or custom code to modify capabilities

Disable Ultimate Info Banner Shortcode

all

Remove or disable the vulnerable shortcode functionality.

Add remove_shortcode('ultimate_info_banner'); to theme functions.php

🧯 If You Can't Patch

  • Implement strict input validation and output escaping for all user-supplied data in custom code
  • Use web application firewall (WAF) rules to block XSS payloads targeting the ultimate_info_banner shortcode

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Ultimate Addons for WPBakery → Version number. If version is 3.19.20 or lower, system is vulnerable.

Check Version:

wp plugin list --name='Ultimate Addons for WPBakery' --field=version (WP-CLI)

Verify Fix Applied:

Confirm plugin version is 3.19.21 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual post/page edits by contributor-level users
  • HTTP requests containing 'ultimate_info_banner' with script tags

Network Indicators:

  • Outbound connections to suspicious domains from WordPress pages
  • Unexpected JavaScript execution in page responses

SIEM Query:

source="wordpress.log" AND ("ultimate_info_banner" AND ("script" OR "javascript" OR "onload"))

📊 Metadata

CVE ID: CVE-2024-5254
CVSS v3 Score: 6.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE: CWE-79
Published: July 17, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-5254, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)