CVE-2024-6870

6.4 MEDIUM

📋 TL;DR

The Responsive Lightbox & Gallery WordPress plugin up to and including version 2.4.7 has a stored XSS vulnerability in its file upload functionality. Authenticated attackers with Author privileges or higher can upload malicious 3gp2 files containing JavaScript that executes in the browser of any user who views the uploaded file. This affects all WordPress sites running a vulnerable version of this plugin.

💻 Affected Systems

Products:
  • Responsive Lightbox & Gallery WordPress Plugin
Versions: All versions up to and including 2.4.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with plugin enabled and at least one user with Author role or higher.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal admin credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.

🟠 Likely Case

Attackers with Author accounts inject malicious scripts to steal session cookies or redirect users to phishing pages.

🟢 If Mitigated

With proper user role management and file upload restrictions, impact is limited to content manipulation within Author privileges.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with Author privileges. The vulnerability is in a publicly accessible AJAX endpoint with insufficient input validation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.8

Vendor Advisory: https://wordpress.org/plugins/responsive-lightbox/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Responsive Lightbox & Gallery'.
4. Click 'Update Now' if available, or manually update to version 2.4.8+.
5. Verify that the update completes successfully.

🔧 Temporary Workarounds

Disable plugin (all)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate responsive-lightbox

Restrict user roles (all)

Review and minimize users with Author or higher privileges.

🧯 If You Can't Patch

  • Implement strict file upload restrictions to block 3gp2 files
  • Add web application firewall rules to detect and block XSS payloads in file uploads

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'Responsive Lightbox & Gallery' version 2.4.7 or lower

Check Version:

wp plugin get responsive-lightbox --field=version

Verify Fix Applied:

Verify plugin version is 2.4.8 or higher in WordPress admin panel
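The version check above can be automated from wp-cli's plugin inventory. The following is an added example, not code from the advisory or from the plugin: it assumes that `wp plugin list --format=json` returns a list of objects with the fields name/status/update/version (a constructed sample is embedded), takes the affected range from the advisory (every version below 2.4.8), and also reports whether the plugin is active, since a deactivated copy (the workaround) is dormant rather than exposed.

```python
"""Added example (not part of the advisory): decide whether a site is exposed to
CVE-2024-6870 from wp-cli plugin inventory output.

Assumptions: `wp plugin list --format=json` emits a list of objects with the
fields name/status/update/version (a constructed sample is embedded below);
the affected range is taken from the advisory: every version below 2.4.8.
"""
import json
import re
import shutil
import subprocess

PLUGIN_SLUG = "responsive-lightbox"
FIXED_VERSION = "2.4.8"

# Constructed sample of what `wp plugin list --format=json` returns (assumed field names).
SAMPLE_INVENTORY = json.dumps([
    {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
    {"name": "responsive-lightbox", "status": "active", "update": "available", "version": "2.4.7"},
])


def parse_version(text):
    """Turn '2.4.7' (or '2.4.7.1', '2.4.8-beta1') into a comparable tuple of ints.

    Only the leading dotted-number run is compared; a pre-release suffix such as
    '-beta1' is dropped, so '2.4.8-beta1' is treated as 2.4.8 (caveat: the
    advisory does not say whether such builds carry the fix).
    """
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def is_vulnerable_version(version):
    """True when the installed version is below the first fixed release (2.4.8)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def assess(inventory_json):
    """Classify exposure from the JSON inventory string.

    Returns a dict with the plugin's version/status and a verdict:
      'not-installed', 'fixed', 'exposed' (vulnerable and active) or
      'dormant' (vulnerable but deactivated, as the workaround leaves it).
    """
    plugins = json.loads(inventory_json)
    match = next((p for p in plugins if p.get("name") == PLUGIN_SLUG), None)
    if match is None:
        return {"installed": False, "verdict": "not-installed"}
    version = match["version"]
    active = match.get("status") == "active"
    vulnerable = is_vulnerable_version(version)
    if not vulnerable:
        verdict = "fixed"
    elif active:
        verdict = "exposed"
    else:
        verdict = "dormant"
    return {"installed": True, "version": version, "active": active,
            "vulnerable": vulnerable, "verdict": verdict}


def live_inventory():
    """Run wp-cli on this host, or return None when it is not installed."""
    if shutil.which("wp") is None:
        return None
    out = subprocess.run(["wp", "plugin", "list", "--format=json"],
                         capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    # Falls back to the constructed sample when wp-cli is absent, so it runs offline.
    data = live_inventory() or SAMPLE_INVENTORY
    print(assess(data))
```

Run it on a host with wp-cli and it classifies the live inventory; run it anywhere else and it classifies the embedded sample, which reports `exposed` because the sample pins an active 2.4.7 install. A `dormant` verdict is the state the "Disable plugin" workaround leaves you in and still warrants scheduling the update.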

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-admin/admin-ajax.php with action=rl_upload_image
  • Multiple failed upload attempts with 3gp2 files

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with file uploads containing script tags

SIEM Query:

source="wordpress.log" AND ("rl_upload_image" OR "3gp2") AND ("script" OR "javascript" OR "onload=")
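The indicators and the SIEM query above can be exercised offline before they go into a production search. The following is an added example, not code from the advisory or from the plugin: it assumes a hypothetical key=value upload-audit line format (constructed sample lines embedded, not real traffic or any real WordPress log format), takes the `rl_upload_image` action name and the `3gp2` extension from the advisory, and implements three checks: a line-level equivalent of the keyword query, an extension-based rule for every `rl_upload_image` of a `.3gp2` file, and a counter for users with repeated rejected `.3gp2` uploads.

```python
"""Added example (not part of the advisory): apply the advisory's log indicators
to upload-audit lines offline.

Assumptions: a hypothetical key=value audit format (constructed sample below),
not any real WordPress or plugin log format; the admin-ajax action name
`rl_upload_image` and the `3gp2` extension come from the advisory.
"""
import re
from collections import Counter

# Constructed sample lines (not real traffic); the field names are an assumption.
SAMPLE_LOG = """\
2024-07-10T09:12:01Z user=alice role=author action=rl_upload_image file=holiday.jpg status=200
2024-07-10T09:14:22Z user=bob role=author action=rl_upload_image file=clip.3gp2 status=200
2024-07-10T09:15:03Z user=bob role=author action=rl_upload_image file=clip2.3gp2 status=403
2024-07-10T09:15:09Z user=bob role=author action=rl_upload_image file=clip3.3gp2 status=403
2024-07-10T09:15:15Z user=bob role=author action=rl_upload_image file=clip4.3gp2 status=403
2024-07-10T09:20:44Z user=carol role=editor action=rl_upload_image file=notes.pdf body=onload=alert(1) status=200
2024-07-10T09:30:00Z user=alice role=subscriber action=heartbeat status=200
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
UPLOAD_ACTION = "rl_upload_image"
SUSPECT_EXT = ".3gp2"
# Keyword sets mirroring the advisory's SIEM query.
SELECTORS = ("rl_upload_image", "3gp2")
PAYLOAD_HINTS = ("script", "javascript", "onload=")


def parse_line(line):
    """Extract key=value fields; the leading timestamp has no '=' and is skipped."""
    return dict(FIELD_RE.findall(line))


def siem_match(line):
    """Line-level equivalent of the advisory's SIEM query:
    (rl_upload_image OR 3gp2) AND (script OR javascript OR onload=)."""
    low = line.lower()
    return any(s in low for s in SELECTORS) and any(h in low for h in PAYLOAD_HINTS)


def analyze(text, failure_threshold=3):
    """Run the three indicators over a log text and return the findings.

    siem_hits     : zero-based indexes of lines the keyword query would return
    3gp2_uploads  : (user, file, status) for every rl_upload_image of a .3gp2 file
    failed_bursts : users with >= failure_threshold rejected .3gp2 uploads
    """
    lines = text.splitlines()
    siem_hits = [i for i, line in enumerate(lines) if siem_match(line)]
    uploads = []
    failures = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("action") != UPLOAD_ACTION:
            continue
        name = f.get("file", "")
        if not name.lower().endswith(SUSPECT_EXT):
            continue
        uploads.append((f.get("user"), name, f.get("status")))
        if f.get("status") != "200":
            failures[f.get("user")] += 1
    bursts = {u: n for u, n in failures.items() if n >= failure_threshold}
    return {"siem_hits": siem_hits, "3gp2_uploads": uploads, "failed_bursts": bursts}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the keyword query returns only the line whose body carries `onload=`; bob's successful `.3gp2` upload has no script keyword in the log line and is missed by it, which is why the extension-based rule and the failed-upload counter are worth running alongside the query rather than relying on payload keywords alone.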
