Login Sign Up

CVE-2024-5647

6.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

This stored XSS vulnerability in WordPress plugins allows authenticated attackers with contributor-level access or higher to inject malicious scripts that execute when users view compromised pages. The vulnerability stems from insufficient input sanitization in the Magnific Popups library version 1.1.0. Multiple WordPress plugins using this vulnerable library are affected.

💻 Affected Systems

Products:
  • WordPress plugins using Magnific Popups library version 1.1.0
  • Bold Page Builder
  • Essential Addons for Elementor Lite
  • Robo Gallery
  • Shortcodes Ultimate
Versions: Versions containing Magnific Popups library 1.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with vulnerable plugins installed and contributor-level users or higher.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.

🟠

Likely Case

Attackers with contributor access inject malicious scripts to steal user session cookies or perform actions on behalf of authenticated users.

🟢

If Mitigated

With proper access controls and input validation, impact is limited to isolated script execution without privilege escalation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access (contributor or higher). Exploitation is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Magnific Popups 1.2.0

Vendor Advisory: https://github.com/dimsemenov/Magnific-Popup/releases/tag/1.2.0

Restart Required: No

Instructions:

1. Update all affected WordPress plugins to versions using Magnific Popups 1.2.0 or higher. 2. Check plugin changelogs for security updates. 3. Update plugins through WordPress admin panel or manually replace vulnerable files.

🔧 Temporary Workarounds

Manual library update

linux

Replace vulnerable Magnific Popups 1.1.0 files with version 1.2.0 in plugin directories

cd /path/to/wordpress/wp-content/plugins/
find . -name '*magnific-popup*' -type f -exec grep -l '1.1.0' {} \;
Replace identified files with version 1.2.0 from GitHub

🧯 If You Can't Patch

  • Restrict contributor-level user creation and review existing contributor accounts
  • Implement web application firewall rules to block XSS payloads in plugin parameters

🔍 How to Verify

Check if Vulnerable:

Search plugin directories for files containing 'magnific-popup' and check if they reference version 1.1.0

Check Version:

grep -r 'magnific-popup\|1\.1\.0' /path/to/wordpress/wp-content/plugins/

Verify Fix Applied:

Verify plugin files reference Magnific Popups version 1.2.0 or higher, or check that HTML loading is disabled in popup fields

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to plugin endpoints with script tags
  • Multiple page edits by contributor users in short time

Network Indicators:

  • Outbound connections to suspicious domains after visiting specific pages
  • Unexpected script loads from page content

SIEM Query:

source="wordpress.log" AND ("magnific-popup" OR "popup.js") AND ("script" OR "onerror" OR "javascript:")

📊 Metadata

CVE ID: CVE-2024-5647
CVSS v3 Score: 6.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE: CWE-79
EPSS Score: 0.07% exploit probability (20.5th percentile)
Published: July 3, 2025
Last Updated: July 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-5647, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)