CVE-2024-5561

4.8 MEDIUM

📋 TL;DR

This vulnerability in the Popup Maker WordPress plugin allows administrators to inject malicious scripts into plugin settings, which then execute when other users view pages containing those popups. It affects WordPress sites using Popup Maker versions before 1.19.1, particularly in multisite configurations where unfiltered_html capability is restricted.

💻 Affected Systems

Products:
  • Popup Maker WordPress Plugin
Versions: All versions before 1.19.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin-level access to exploit. Particularly relevant for WordPress multisite installations where unfiltered_html capability is disabled by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with admin privileges could inject persistent XSS payloads that steal session cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.

🟠 Likely Case

Malicious admin injects JavaScript that steals user session cookies or credentials when users visit pages with the compromised popup.

🟢 If Mitigated

With proper user access controls and regular admin account monitoring, impact is limited to potential data leakage from users who view the malicious popup.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin privileges. The vulnerability is publicly documented with technical details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.19.1

Vendor Advisory: https://wpscan.com/vulnerability/6a87cc25-bd7d-40e3-96f9-26646cd6f736/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Popup Maker and click 'Update Now'.
4. Verify that the version shows 1.19.1 or higher.

🔧 Temporary Workarounds

Remove Admin Access (platform: all)

Temporarily restrict admin access to only essential personnel until the patch is applied.

Disable Plugin (platform: linux)

Deactivate the Popup Maker plugin if it is not critically needed.

wp plugin deactivate popup-maker

🧯 If You Can't Patch

  • Implement strict monitoring of admin user activities and plugin settings changes
  • Apply web application firewall rules to block common XSS payload patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Popup Maker version. If version is below 1.19.1, system is vulnerable.

Check Version:

wp plugin get popup-maker --field=version

Verify Fix Applied:

Confirm Popup Maker version shows 1.19.1 or higher in WordPress admin plugins page.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin user modifying popup settings
  • JavaScript injection patterns in plugin configuration

Network Indicators:

  • Unexpected external script loads from popup content

SIEM Query:

source="wordpress" AND (event="plugin_edit" OR event="option_update") AND plugin="popup-maker"
