CVE-2024-5573
📋 TL;DR
The Easy Table of Contents WordPress plugin before version 2.0.66 contains a stored cross-site scripting (XSS) vulnerability in plugin settings. This allows authenticated users with editor-level privileges or higher to inject malicious scripts that execute when other users view affected pages. The vulnerability bypasses WordPress's unfiltered_html security restriction.
💻 Affected Systems
- Easy Table of Contents WordPress Plugin
⚠️ Risk & Real-World Impact
Worst Case
An attacker with editor privileges could inject malicious JavaScript that steals administrator credentials, redirects users to malicious sites, or performs actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
Malicious editors could inject scripts that display unwanted content, redirect users, or steal session cookies from other users viewing the affected pages.
If Mitigated
With user access controls that grant editor privileges only to trusted individuals, the residual risk is limited to those authorized editors themselves making accidental or intentional content modifications.
🎯 Exploit Status
Exploitation requires authenticated access with editor privileges or higher. The vulnerability is publicly documented with technical details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.66
Vendor Advisory: https://wpscan.com/vulnerability/3b01044b-355f-40d3-8e11-23a890f98c76/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Easy Table of Contents'.
4. Click 'Update Now' if available, or manually update to version 2.0.66 or later.
5. Verify the plugin version after the update.
🔧 Temporary Workarounds
Remove Editor Privileges
Temporarily downgrade or remove editor privileges from untrusted users until patching is complete.
Disable Plugin
Deactivate the Easy Table of Contents plugin if it is not essential for site functionality.
🧯 If You Can't Patch
- Implement strict user access controls to limit editor privileges to only essential, trusted personnel
- Enable WordPress security plugins with XSS protection and monitor for suspicious user activity
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Easy Table of Contents version. If version is below 2.0.66, the system is vulnerable.
Check Version:
wp plugin list --name='easy-table-of-contents' --field=version
Verify Fix Applied:
Confirm the plugin version is 2.0.66 or higher in WordPress admin panel. Test that editor users cannot inject scripts in plugin settings.
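The version check above can be scripted so that the comparison is done numerically rather than by eye. The following is an added example (not part of the advisory or the plugin's own tooling): it assumes wp-cli is installed in the WordPress root for the live check, and the sample version strings at the bottom are constructed for an offline demonstration.

```shell
#!/bin/sh
# Added example: classify an Easy Table of Contents version string against
# the fixed release 2.0.66 for CVE-2024-5573.
FIXED_VERSION="2.0.66"

# Returns 0 (vulnerable) when $1 is a non-empty version lower than 2.0.66,
# 1 when it is 2.0.66 or later, and 2 when the version is empty
# (plugin not installed, or wp-cli reported nothing).
etoc_vulnerable() {
    v="$1"
    [ -n "$v" ] || return 2
    # sort -V orders version numbers numerically per component, so 2.0.9
    # correctly sorts before 2.0.66 (a plain string sort would get this wrong).
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$lowest" = "$v" ] && [ "$v" != "$FIXED_VERSION" ]; then
        return 0
    fi
    return 1
}

# Prints a human-readable verdict for a version string.
etoc_verdict() {
    rc=0
    etoc_vulnerable "$1" || rc=$?
    case $rc in
        0) echo "VULNERABLE: $1 < $FIXED_VERSION (update the plugin)" ;;
        1) echo "OK: $1 >= $FIXED_VERSION" ;;
        *) echo "UNKNOWN: plugin not installed or version not reported" ;;
    esac
}

# Live check on a site (uncomment when running inside the WordPress root with wp-cli):
# etoc_verdict "$(wp plugin list --name='easy-table-of-contents' --field=version)"

# Constructed sample versions for an offline run of the check:
for sample in 2.0.65 2.0.9 2.0.66 2.0.70; do
    etoc_verdict "$sample"
done
```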
📡 Detection & Monitoring
Log Indicators:
- Unusual plugin setting modifications by editor users
- Multiple failed login attempts followed by plugin setting changes
Network Indicators:
- Unexpected JavaScript payloads in HTTP POST requests to wp-admin/admin-ajax.php or similar endpoints
SIEM Query:
source="wordpress" AND (event_type="plugin_setting_change" OR event_type="admin_ajax") AND user_role="editor" AND plugin_name="easy-table-of-contents"