CVE-2024-6753
📋 TL;DR
This vulnerability allows unauthenticated attackers to inject malicious scripts into pages of WordPress sites running the Social Auto Poster plugin. When users visit compromised pages, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using Social Auto Poster plugin versions up to 5.3.14 are affected.
💻 Affected Systems
- Social Auto Poster WordPress Plugin
📦 What is this software?
Social Auto Poster by Wpwebinfotech
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, install backdoors, or redirect visitors to malicious sites, leading to complete site compromise and data theft.
Likely Case
Attackers inject malicious JavaScript to steal user session cookies, redirect users to phishing pages, or deface website content.
If Mitigated
With proper web application firewalls and input validation, the attack would be blocked, preventing script execution and limiting impact to failed exploitation attempts.
🎯 Exploit Status
Exploitation requires sending crafted AJAX requests to the vulnerable endpoint. No authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.3.15 or later
Vendor Advisory: https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Social Auto Poster and click 'Update Now'.
4. Verify the plugin version is 5.3.15 or higher.
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoint
Temporarily disable the vulnerable wpw_auto_poster_map_wordpress_post_type AJAX function
Add to theme's functions.php: remove_action('wp_ajax_wpw_auto_poster_map_wordpress_post_type', 'wpw_auto_poster_map_wordpress_post_type');
Add to theme's functions.php: remove_action('wp_ajax_nopriv_wpw_auto_poster_map_wordpress_post_type', 'wpw_auto_poster_map_wordpress_post_type');
Enable WordPress security plugin
Configure Wordfence or a similar security plugin to block XSS attacks
Install Wordfence plugin via WordPress admin
Enable Web Application Firewall in Wordfence settings
🧯 If You Can't Patch
- Disable Social Auto Poster plugin completely
- Implement strict Content Security Policy headers to block inline scripts
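The two remove_action() lines from the workaround section and the Content Security Policy suggestion above, combined into one must-use plugin. This is an added example, not code from the Social Auto Poster plugin or its vendor. It assumes the plugin registers its handler under the hook names the advisory gives; remove_action() only succeeds when the callback name and priority match what the plugin actually registered, which is why the file checks has_action() and additionally installs a priority-0 guard that ends the request before any later callback can run. The CSP value is a starting point to adapt to the site's theme, and the file name and function prefix are placeholders.

```php
<?php
/**
 * Plugin Name: CVE-2024-6753 interim hardening (added example, not vendor code)
 *
 * Save as wp-content/mu-plugins/sap-cve-2024-6753.php so it loads before
 * regular plugins. Hook and action names come from the advisory; the
 * callback name 'wpw_auto_poster_map_wordpress_post_type' at priority 10
 * is the advisory's assumption about how the plugin registers it.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Only meaningful inside WordPress.
}

const SAP_VULN_ACTION = 'wpw_auto_poster_map_wordpress_post_type';

/**
 * Priority-0 guard: runs before the plugin's own callback (default priority
 * 10) whether that callback is a plain function or a class method, logs the
 * attempt and ends the request with HTTP 403. Both the nopriv and the
 * authenticated hook are guarded, matching the advisory's workaround.
 */
function sap_block_vulnerable_ajax() {
    error_log( sprintf(
        'CVE-2024-6753 blocked: action=%s ip=%s user=%d',
        SAP_VULN_ACTION,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown',
        get_current_user_id()
    ) );
    wp_send_json_error( array( 'message' => 'Endpoint disabled pending plugin update.' ), 403 );
}
add_action( 'wp_ajax_nopriv_' . SAP_VULN_ACTION, 'sap_block_vulnerable_ajax', 0 );
add_action( 'wp_ajax_' . SAP_VULN_ACTION, 'sap_block_vulnerable_ajax', 0 );

/**
 * The advisory's remove_action() approach, run on admin_init (which
 * admin-ajax.php fires just before dispatching the action, after the plugin
 * has had every chance to register). Returns true only if both callbacks
 * were found and removed; otherwise it logs the mismatch so the operator
 * knows the priority-0 guard is the only thing in place.
 */
function sap_remove_vulnerable_callbacks() {
    if ( ! wp_doing_ajax() ) {
        return false;
    }
    $removed = true;
    foreach ( array( 'wp_ajax_', 'wp_ajax_nopriv_' ) as $prefix ) {
        $hook = $prefix . SAP_VULN_ACTION;
        // has_action() returns the priority when the callback is registered, false otherwise.
        if ( false === has_action( $hook, SAP_VULN_ACTION ) ) {
            error_log( "CVE-2024-6753: no callback named " . SAP_VULN_ACTION . " on $hook; relying on priority-0 guard" );
            $removed = false;
            continue;
        }
        remove_action( $hook, SAP_VULN_ACTION );
    }
    return $removed;
}
add_action( 'admin_init', 'sap_remove_vulnerable_callbacks', 1 );

/**
 * Front-end Content-Security-Policy that forbids inline scripts, which
 * stops an injected <script> block from executing even if it reaches the
 * page. Scoped to non-admin requests because wp-admin depends on inline
 * scripts; the allow-list is an assumption to adjust per theme.
 */
function sap_send_csp_header() {
    if ( is_admin() || headers_sent() ) {
        return;
    }
    header( "Content-Security-Policy: script-src 'self'; object-src 'none'; base-uri 'self'" );
}
add_action( 'send_headers', 'sap_send_csp_header' );
```

After deploying, a request to /wp-admin/admin-ajax.php with action=wpw_auto_poster_map_wordpress_post_type should return HTTP 403 and leave a "CVE-2024-6753 blocked" line in the PHP error log; a "no callback named" line means the plugin registers its handler differently from what the advisory's remove_action() lines assume, and only the priority-0 guard is protecting the endpoint. Remove the file once the plugin is on 5.3.15 or later.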
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Social Auto Poster version. If version is 5.3.14 or lower, site is vulnerable.
Check Version:
wp plugin list --name='Social Auto Poster' --field=version
The --name filter matches the plugin's directory slug as printed in the name column of `wp plugin list`, not its display title; if the command prints nothing, run `wp plugin list` without filters and use the slug shown there.
Verify Fix Applied:
After updating, verify Social Auto Poster version shows 5.3.15 or higher in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with 'action=wpw_auto_poster_map_wordpress_post_type' containing script tags
- Unusual JavaScript payloads in WordPress database posts/pages
Network Indicators:
- HTTP requests with mapTypes parameter containing JavaScript code
- Multiple AJAX requests to vulnerable endpoint from single IP
SIEM Query:
source="wordpress.log" AND "wpw_auto_poster_map_wordpress_post_type" AND ("<script>" OR "javascript:")
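The log and network indicators above, applied offline to request records. This is an added example, not a query from the advisory's vendor or any SIEM product. It assumes records that carry the request body: stock web-server access logs do not store POST bodies, so the records must come from a WAF or ModSecurity audit log or from application-level logging. It goes slightly beyond the advisory's SIEM query by matching case-insensitively and by also treating javascript: URLs and inline event-handler attributes in the mapTypes parameter as script; the per-IP threshold of 3 is a constructed value.

```php
<?php
/**
 * Offline triage of request records for CVE-2024-6753 indicators.
 * Added example, not from the advisory's vendor. Each record is an array
 * with keys method, uri, client_ip and body (body is the raw POST data).
 */

const SAP_VULN_ACTION  = 'wpw_auto_poster_map_wordpress_post_type';
const SAP_PARAM        = 'mapTypes'; // parameter named in the advisory
const SAP_IP_THRESHOLD = 3;          // constructed value for "multiple requests from single IP"

/** True when a decoded parameter value looks like script injection. */
function sap_looks_like_script( string $value ): bool {
    $lower = strtolower( $value );
    if ( false !== strpos( $lower, '<script' ) || false !== strpos( $lower, 'javascript:' ) ) {
        return true;
    }
    // Inline handlers such as onerror= or onload= inside a tag.
    return 1 === preg_match( '/<[a-z][^>]*\son[a-z]+\s*=/i', $value );
}

/** Joins nested parameter arrays (mapTypes[]=...) into one string for scanning. */
function sap_flatten( $value ): string {
    if ( ! is_array( $value ) ) {
        return (string) $value;
    }
    $leaves = array();
    array_walk_recursive( $value, function ( $leaf ) use ( &$leaves ) {
        $leaves[] = (string) $leaf;
    } );
    return implode( ' ', $leaves );
}

/**
 * Returns the decoded query+body parameters of an admin-ajax.php request,
 * or null for any other URI. Body values override query values, mirroring
 * PHP's default request_order of GP.
 */
function sap_parse_ajax_request( array $rec ): ?array {
    if ( false === strpos( $rec['uri'], '/wp-admin/admin-ajax.php' ) ) {
        return null;
    }
    $params = array();
    $query  = parse_url( $rec['uri'], PHP_URL_QUERY );
    if ( is_string( $query ) ) {
        parse_str( $query, $params );
    }
    if ( 'POST' === strtoupper( $rec['method'] ) && '' !== $rec['body'] ) {
        parse_str( $rec['body'], $body_params );
        $params = array_merge( $params, $body_params );
    }
    return $params;
}

/**
 * One alert per request to the vulnerable action whose mapTypes value looks
 * like script, plus one per client IP that hits the action at least
 * SAP_IP_THRESHOLD times regardless of payload.
 */
function sap_flag_requests( array $records ): array {
    $alerts = array();
    $per_ip = array();
    foreach ( $records as $i => $rec ) {
        $params = sap_parse_ajax_request( $rec );
        if ( null === $params || ( $params['action'] ?? '' ) !== SAP_VULN_ACTION ) {
            continue;
        }
        $ip            = $rec['client_ip'];
        $per_ip[ $ip ] = ( $per_ip[ $ip ] ?? 0 ) + 1;
        if ( sap_looks_like_script( sap_flatten( $params[ SAP_PARAM ] ?? '' ) ) ) {
            $alerts[] = sprintf( 'record %d: script-like %s value from %s', $i, SAP_PARAM, $ip );
        }
    }
    foreach ( $per_ip as $ip => $count ) {
        if ( $count >= SAP_IP_THRESHOLD ) {
            $alerts[] = sprintf( '%s: %d requests to %s (threshold %d)', $ip, $count, SAP_VULN_ACTION, SAP_IP_THRESHOLD );
        }
    }
    return $alerts;
}

// Constructed sample records, not real traffic.
$ajax   = '/wp-admin/admin-ajax.php';
$sample = array(
    array( 'method' => 'POST', 'uri' => $ajax, 'client_ip' => '203.0.113.10',
           'body' => 'action=' . SAP_VULN_ACTION . '&mapTypes=post' ),
    array( 'method' => 'POST', 'uri' => $ajax, 'client_ip' => '203.0.113.10',
           'body' => 'action=' . SAP_VULN_ACTION . '&mapTypes=' . rawurlencode( '<script>/* constructed probe */</script>' ) ),
    array( 'method' => 'POST', 'uri' => $ajax, 'client_ip' => '203.0.113.10',
           'body' => 'action=' . SAP_VULN_ACTION . '&' . rawurlencode( 'mapTypes[]' ) . '=' . rawurlencode( '<img src=x onerror=void(0)>' ) ),
    array( 'method' => 'GET',  'uri' => $ajax . '?action=heartbeat', 'client_ip' => '198.51.100.7', 'body' => '' ),
    array( 'method' => 'POST', 'uri' => $ajax, 'client_ip' => '198.51.100.7',
           'body' => 'action=' . SAP_VULN_ACTION . '&mapTypes=page' ),
);

foreach ( sap_flag_requests( $sample ) as $alert ) {
    echo $alert, PHP_EOL;
}
```

Running `php detect.php` on the constructed sample prints alerts for records 1 and 2 (script tag and event-handler payloads) and a per-IP alert for 203.0.113.10 (three hits); record 4 from the second IP is a benign hit and stays silent on its own. The per-IP rule is the one to tune: legitimate administrators using the plugin also call this action, so pair it with the nopriv distinction (no WordPress login cookie on the request) before treating volume alone as hostile.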
🔗 References
- https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2?source=cve