CVE-2024-6011
📋 TL;DR
The Cost Calculator Builder WordPress plugin has a stored XSS vulnerability that allows authenticated administrators to inject malicious scripts into website pages. These scripts execute when users visit the compromised pages, potentially stealing credentials or performing unauthorized actions. Only WordPress sites using vulnerable versions of this specific plugin are affected.
💻 Affected Systems
- WordPress Cost Calculator Builder plugin
📦 What is this software?
Cost Calculator Builder by Stylemixthemes
⚠️ Risk & Real-World Impact
Worst Case
Administrator account compromise leads to site takeover, data theft, malware distribution to visitors, and complete loss of website integrity.
Likely Case
Malicious administrator injects scripts to steal user session cookies, redirect visitors to phishing sites, or deface the website.
If Mitigated
With proper access controls and monitoring, impact is limited to potential data exposure from users visiting injected pages.
🎯 Exploit Status
Exploitation requires administrator credentials; proof-of-concept details are publicly available in references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.13 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3108606/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Cost Calculator Builder' and click 'Update Now'.
4. Verify the version is 3.2.13 or higher.
🔧 Temporary Workarounds
Remove vulnerable plugin
Temporarily disable or remove the Cost Calculator Builder plugin until patched.
wp plugin deactivate cost-calculator-builder
wp plugin delete cost-calculator-builder
Restrict administrator access
Limit administrator accounts to trusted personnel only and implement multi-factor authentication.
🧯 If You Can't Patch
- Implement web application firewall with XSS protection rules
- Regularly audit administrator accounts and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel → Plugins → Cost Calculator Builder → Version. If the version is 3.2.12 or lower, the site is vulnerable.
Check Version:
wp plugin get cost-calculator-builder --field=version
Verify Fix Applied:
After update, confirm version is 3.2.13 or higher in plugin details.
📡 Detection & Monitoring
Log Indicators:
- Unusual administrator activity modifying calculator fields
- HTTP requests containing suspicious script tags in 'textarea.description' parameter
Network Indicators:
- Unexpected JavaScript execution from calculator pages
- External script loads from calculator form submissions
SIEM Query:
source="wordpress.log" AND "textarea.description" AND ("<script>" OR "javascript:")
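The SIEM query above only matches a literal "<script>" or "javascript:", so a URL-encoded or double-encoded value in the 'textarea.description' parameter slips past it. The following added example (not part of this advisory or the plugin) decodes request log lines before checking that parameter; the log format, the admin-ajax.php path and the query-string placement of the parameter are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# The two markers named in the SIEM query, matched case-insensitively after decoding.
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

# Assumed log format for this example: "<ip> <user> <METHOD> <url> <status>".
LOG_LINE = re.compile(
    r"^(?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded values are not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_description(url):
    """Return the decoded textarea.description value if it carries a script marker, else None."""
    query = urlsplit(url).query
    # parse_qs already decodes one layer; decode_fully handles the remaining ones.
    for raw in parse_qs(query, keep_blank_values=True).get("textarea.description", []):
        value = decode_fully(raw)
        if SCRIPT_MARKERS.search(value):
            return value
    return None

def scan_log(lines):
    """Return (user, ip, decoded_value) for every line whose description parameter looks like XSS."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        value = suspicious_description(m["url"])
        if value is not None:
            hits.append((m["user"], m["ip"], value))
    return hits

# Constructed sample lines; the endpoint and parameter placement are assumptions.
SAMPLE_LOG = [
    "203.0.113.5 admin POST /wp-admin/admin-ajax.php?textarea.description=Enter+your+budget 200",
    # Single-encoded tag: a literal match would also catch this one.
    "203.0.113.9 editor2 POST /wp-admin/admin-ajax.php?textarea.description=%3Cscript%3Ex%3C%2Fscript%3E 200",
    # Double-encoded tag: invisible to a literal '<script>' search.
    "198.51.100.7 admin POST /wp-admin/admin-ajax.php?textarea.description=%253Cscript%2520src%253D 200",
    "203.0.113.5 - GET /cost-calculator/ 200",
]
```

Run `scan_log(SAMPLE_LOG)` to see the two flagged edits with the account and source address behind each, which is the starting point for the administrator-activity audit suggested above.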
🔗 References
- https://drive.google.com/file/d/1SFQXlRUQw7THm_Vay_pFH3pIX1cjH4AY/view?usp=sharing
- https://plugins.trac.wordpress.org/browser/cost-calculator-builder/trunk/templates/frontend/fields/cost-text.php#L15
- https://plugins.trac.wordpress.org/browser/cost-calculator-builder/trunk/templates/frontend/fields/cost-text.php#L26
- https://plugins.trac.wordpress.org/changeset/3108606/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/03ad3677-1b02-4f22-af50-e88b2ec83f54?source=cve