CVE-2024-6334
📋 TL;DR
The Easy Table of Contents WordPress plugin, in versions before 2.0.67.1, does not properly sanitise and escape some of its settings. A user who can save those settings can store script in them; it executes in the browser of anyone who later views a page where the affected setting is rendered, and it works even when the WordPress unfiltered_html capability is disallowed (for example on multisite, where site administrators do not have it). Only sites running a vulnerable plugin version are affected. A note on the privilege level quoted throughout this page: the plugin's settings page sits under Settings and requires the manage_options capability, which the Editor role does not have on a default single-site install, so in practice the attacker is an administrator or a custom role that has been granted that capability.
💻 Affected Systems
- Easy Table of Contents WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker able to save the plugin's settings could steal administrator session cookies or credentials, deface the website, or redirect visitors to malicious sites, potentially leading to complete site compromise.
Likely Case
A malicious user with settings access could inject tracking scripts, display unwanted content, or hijack the sessions of administrators and visitors who view pages where the affected setting is rendered.
If Mitigated
With the plugin patched and settings access limited to trusted administrators, no script can be stored through this path. Residual exposure comes from payloads saved before patching, so the plugin's settings should be reviewed and cleaned after the update.
🎯 Exploit Status
Exploitation requires an authenticated account that can save the plugin's settings (editor-level or higher as stated on this page; in practice an administrator, see TL;DR). The vulnerability is well-documented in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.67.1
Vendor Advisory: https://wpscan.com/vulnerability/6c09083c-6960-4369-8c5c-ad20e34aaa8b/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Easy Table of Contents' and click 'Update Now'.
4. Verify the version is 2.0.67.1 or higher.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until patching is possible (this also removes the table of contents from every page that used it):
wp plugin deactivate easy-table-of-contents
Restrict Editor Privileges
Temporarily downgrade or remove elevated roles from untrusted users (the Author role cannot save plugin settings):
wp user set-role <username> author
🧯 If You Can't Patch
- Implement strict user role management so that only trusted personnel hold roles able to save plugin settings
- Deploy web application firewall rules that inspect POST bodies sent to the plugin settings endpoints (the settings page and wp-admin/options.php, where WordPress settings forms typically submit) and block script markers; the rule must match on the decoded body, since percent-encoded or double-encoded payloads evade a literal "<script>" match
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Easy Table of Contents → Version number. If version is below 2.0.67.1, system is vulnerable.
Check Version:
wp plugin get easy-table-of-contents --field=version
Verify Fix Applied:
Confirm the plugin version is 2.0.67.1 or higher in the WordPress admin panel. As a functional check, have a test account with settings access save a harmless marker such as <b>test</b> in an affected setting and confirm it is rendered escaped rather than as markup.
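The version check above can be scripted. The following is an added example for this page, not code from the plugin or from WPScan. It reads the `Version:` header from the plugin's main file (the same header WordPress parses), so it works on a host without wp-cli, and compares numerically so that a four-part version such as 2.0.67.1 sorts correctly against 2.0.68 or 2.0.100 (a plain string comparison gets that wrong). The plugin file path and the sample header are assumptions for the example.

```python
"""Check whether an Easy Table of Contents install is below the fixed version.

Added example for this advisory; not code from the plugin or WPScan.
"""
import re
import subprocess
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "2.0.67.1"
# Assumed location of the plugin's main file, relative to the WordPress root.
PLUGIN_MAIN_FILE = "wp-content/plugins/easy-table-of-contents/easy-table-of-contents.php"

# Constructed plugin header for the stand-alone run; not the real file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Easy Table of Contents
 * Version: 2.0.66
 */
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.0.67.1' -> (2, 0, 67, 1). Non-numeric fragments are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when installed < fixed, padding shorter tuples with zeros so
    2.0.67 compares below 2.0.67.1 and 2.0.68 compares above it."""
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def version_from_header(text: str) -> Optional[str]:
    """Extract the Version: line from a WordPress plugin file header."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", text, re.MULTILINE)
    return m.group(1) if m else None


def version_from_install(wp_root: str) -> Optional[str]:
    """Read the installed version from disk; None if the plugin is absent."""
    path = Path(wp_root) / PLUGIN_MAIN_FILE
    if not path.is_file():
        return None
    return version_from_header(path.read_text(encoding="utf-8", errors="replace"))


def version_from_wpcli(wp_root: str) -> Optional[str]:
    """Same check through wp-cli, when it is installed on the host."""
    try:
        out = subprocess.run(
            ["wp", "plugin", "get", "easy-table-of-contents", "--field=version",
             f"--path={wp_root}"],
            capture_output=True, text=True, check=True,
        )
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    v = version_from_wpcli(root) or version_from_install(root)
    if v is None:
        print("plugin not found (or not readable) under", root)
    else:
        state = "VULNERABLE" if is_vulnerable(v) else "patched"
        print(f"easy-table-of-contents {v}: {state} (fixed in {FIXED_VERSION})")
```

Run it as `python check_eztoc.py /var/www/html`; it prefers wp-cli and falls back to reading the plugin header, which also works on a backup or a mounted disk image.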
📡 Detection & Monitoring
Log Indicators:
- POST requests that save the plugin's settings (the settings page at admin.php?page=table-of-contents or options-general.php?page=table-of-contents, and wp-admin/options.php, where WordPress settings forms typically submit) whose bodies carry script markers such as <script, javascript: or on*= event handlers, including percent-encoded or double-encoded forms
- Repeated settings saves from the same account in a short window, especially from accounts that do not normally administer the site
Network Indicators:
- HTTP requests to plugin administration endpoints containing script markers, plain or encoded; note that standard access logs do not record POST bodies, so this needs a WAF, reverse-proxy audit log or logging plugin that captures request bodies
- Inline <script> or event-handler attributes inside the rendered table-of-contents markup on public pages, visible in a site crawl or in Content-Security-Policy violation reports where CSP reporting is deployed
SIEM Query:
source="wordpress.log" AND ("admin.php?page=table-of-contents" AND ("<script>" OR "javascript:"))
Run the match against the URL-decoded request; a literal "<script>" misses percent-encoded (%3Cscript%3E), double-encoded and case-varied forms, and it ignores event-handler payloads such as <img src=x onerror=...>.
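The log indicators above can be turned into a small detector. This is an added example for this page, not code from the plugin, WPScan or any SIEM vendor. Because stock web-server access logs do not record POST bodies, the constructed sample assumes a WAF audit log or logging plugin that writes one line per request with the raw body; the line format, the field names and the sample payloads are assumptions for the example. It scopes the match to the settings endpoints, decodes percent-encoding in layers so double-encoded payloads are caught, and counts repeated hits per account.

```python
"""Flag likely stored-XSS attempts against Easy Table of Contents settings.

Added example for this advisory; not code from the plugin, WPScan or a SIEM.
"""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import unquote_plus

# Endpoints that carry the plugin's settings. admin.php?page=... is what the
# advisory names; WordPress settings forms themselves submit to options.php.
SETTINGS_ENDPOINTS = (
    "/wp-admin/admin.php?page=table-of-contents",
    "/wp-admin/options-general.php?page=table-of-contents",
    "/wp-admin/options.php",
)

# Markers worth a look once the body is decoded; broader than "<script>".
XSS_MARKERS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=|<\s*(?:svg|img|iframe|object)\b",
    re.IGNORECASE,
)

# Assumed one-line-per-request format of the audit log (constructed).
LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) '
    r'(?P<method>[A-Z]+) (?P<path>\S+) body="(?P<body>.*)"$'
)

# Constructed sample log; not real traffic. Field names inside the bodies
# (toc_settings[title]) are made up for the example.
SAMPLE_LOG = """\
2024-07-01T10:01:02Z user=admin role=administrator POST /wp-admin/options.php body="option_page=media&thumbnail_size_w=150"
2024-07-01T10:02:11Z user=edna role=editor POST /wp-admin/options.php body="toc_settings%5Btitle%5D=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
2024-07-01T10:02:40Z user=edna role=editor POST /wp-admin/admin.php?page=table-of-contents body="title=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E"
2024-07-01T10:03:05Z user=visitor role=none GET /2024/07/post/ body=""
2024-07-01T10:03:30Z user=edna role=editor POST /wp-admin/post.php body="content=%3Cscript%3E"
"""


def decode_percent(s: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding. Double encoding is a
    common way to slip past a literal "<script>" match."""
    for _ in range(rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_settings_endpoint(path: str) -> bool:
    return any(path.startswith(ep) for ep in SETTINGS_ENDPOINTS)


def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one alert per POST to a settings endpoint whose decoded body
    contains a script marker. Other endpoints (e.g. post.php) are out of
    scope for this rule and left to the unfiltered_html controls."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        rec = m.groupdict()
        if rec["method"] != "POST" or not is_settings_endpoint(rec["path"]):
            continue
        hit = XSS_MARKERS.search(decode_percent(rec["body"]))
        if hit:
            alerts.append({
                "ts": rec["ts"], "user": rec["user"], "role": rec["role"],
                "path": rec["path"], "marker": hit.group(0),
            })
    return alerts


def repeat_offenders(alerts: List[Dict[str, str]], threshold: int = 2) -> Dict[str, int]:
    """Accounts with `threshold` or more flagged settings saves."""
    counts = Counter(a["user"] for a in alerts)
    return {u: n for u, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a['ts']} {a['user']} ({a['role']}) -> {a['path']} marker={a['marker']!r}")
    print("repeat offenders:", repeat_offenders(found))
```

The benign settings save by the administrator and the script posted to post.php are deliberately not flagged: the first has no marker, the second is outside the plugin's settings endpoints. The `\bon[a-z]+\s*=` alternative is the one most likely to produce false positives on legitimate field names, so review it against your own form fields before alerting on it.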