CVE-2024-7304

6.4 MEDIUM

📋 TL;DR

This vulnerability allows authenticated attackers with Author-level access or higher on a WordPress site to upload malicious SVG files containing cross-site scripting (XSS) payloads through the Ninja Tables plugin. The embedded script executes in the browser of any user who opens the uploaded SVG, which can expose that user's session or let the attacker act on their behalf. It affects every WordPress site running Ninja Tables version 5.0.12 or earlier.

💻 Affected Systems

Products:
  • Ninja Tables – Easiest Data Table Builder plugin for WordPress
Versions: All versions up to and including 5.0.12
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the plugin enabled and at least one user with Author-level access or higher.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An administrator opens the malicious SVG, and the script runs in the admin session: attackers could take over the admin account, deface the site, redirect visitors to malicious sites, or perform any action the admin can, leading to full site compromise.

🟠 Likely Case

Attackers inject scripts that steal cookies or session tokens from users who view the file, enabling account takeover or data theft from those users.

🟢 If Mitigated

With the patch applied, or with SVG uploads disabled and Author-level accounts limited to trusted users, the remaining impact is limited to low-privileged user data exposure or minor site disruption.

🌐 Internet-Facing: HIGH, as WordPress sites are typically internet-facing, allowing remote attackers with credentials to exploit this via web interfaces.
🏢 Internal Only: MEDIUM, as internal users with Author access could exploit it, but requires authenticated access and may be less impactful in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward via SVG file uploads; weaponization is likely due to common XSS techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.13 or later

Vendor Advisory: https://wordpress.org/plugins/ninja-tables/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins > Installed Plugins.
3. Find Ninja Tables and click 'Update Now' if available.
4. Alternatively, download the latest version from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Restrict SVG file uploads (applies to: all)

Disable SVG uploads via WordPress functions or a security plugin so the malicious file cannot be stored in the first place.

Add to the active theme's functions.php (or a mu-plugin):

add_filter('upload_mimes', function ($mimes) { unset($mimes['svg']); return $mimes; });

Caveat: WordPress core does not allow SVG uploads by default, so this filter only matters if another plugin or filter has enabled them, and it governs the media-library allow-list; an upload path that a plugin handles itself may not consult it. After applying it, confirm that an SVG upload by an Author-level test account actually fails.

Limit user roles (applies to: all)

Restrict Author-level and higher access to trusted users only, since that is the privilege level needed to exploit the flaw.

🧯 If You Can't Patch

  • Monitor and audit user activity, especially SVG uploads by Author-level users, for suspicious behavior.
  • Implement a web application firewall (WAF) to block XSS payloads in file uploads.

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in WordPress admin under Plugins > Installed Plugins; if version is 5.0.12 or lower, it is vulnerable.

Check Version:

With WP-CLI on the server: wp plugin list --name=ninja-tables --field=version

Verify Fix Applied:

After updating, confirm the plugin version is 5.0.13 or higher in the same location.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SVG file uploads, especially by Author-level users (check the media library and wp-content/uploads, since web-server access logs record the request, not the file)
  • Upload requests whose body contains script constructs; this requires a WAF or full-body request logging, as standard access logs do not capture file content

Network Indicators:

  • Inbound requests uploading SVG files with script tags or JavaScript code

SIEM Query:

Example: source="wordpress" AND (file_extension="svg" AND (content CONTAINS "<script>" OR content CONTAINS "javascript:"))

Caveat: matching only "<script>" and "javascript:" misses common SVG payloads, such as event-handler attributes (onload, onerror), <foreignObject> elements that embed HTML, and animation elements (<set>, <animate>) that write a javascript: URL into an href. Extend the rule to cover those constructs, or scan the stored files directly.
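Detection logic for the indicators above, as an added example that is not part of this advisory or the Ninja Tables project: a Python scanner that checks an SVG for the script-bearing constructs a plain "<script>" match misses (event-handler attributes, javascript: URLs including ones obfuscated with control characters, <foreignObject> HTML, and files too malformed to parse). The sample SVGs and the finding labels are constructed for the example; in practice you would run find_svg_xss over files under wp-content/uploads or over request bodies captured by a WAF.

```python
"""Scan SVG content for stored-XSS vectors.

Added example, not code from the advisory or the Ninja Tables plugin.
The sample documents in SAMPLES are constructed for the demonstration.
"""
import re
import xml.etree.ElementTree as ET

# Browsers strip ASCII control characters and spaces inside a URL scheme,
# so "java\tscript:" still runs; normalise the same way before comparing.
_WS = re.compile(r"[\x00-\x20]")

SCRIPT_TAGS = {"script"}
HTML_EMBED_TAGS = {"foreignobject"}        # embeds arbitrary XHTML (img onerror=..., iframe)
URL_ATTRS = {"href", "from", "to"}         # href, plus <set>/<animate> targets that can rewrite it

# Coarse text patterns used only when the XML parser gives up.
_FALLBACK = (
    (r"<\s*script\b", "script"),
    (r"\bon\w+\s*=", "event-handler"),
    (r"javascript\s*:", "javascript-url"),
)


def _local(name: str) -> str:
    """Drop an XML namespace: '{http://www.w3.org/1999/xlink}href' -> 'href'."""
    return name.rsplit("}", 1)[-1].lower()


def _is_js_url(value: str) -> bool:
    return _WS.sub("", value).lower().startswith("javascript:")


def find_svg_xss(svg: str) -> list:
    """Return (kind, detail) findings for one SVG document; [] means no known vector."""
    findings = []
    try:
        root = ET.fromstring(svg)
    except ET.ParseError:
        # Malformed XML may still render in a browser, so do not treat it as clean.
        for pattern, kind in _FALLBACK:
            if re.search(pattern, svg, re.I):
                findings.append((kind, "unparseable-xml"))
        return findings

    for el in root.iter():
        tag = _local(el.tag)
        if tag in SCRIPT_TAGS:
            findings.append(("script", tag))
        elif tag in HTML_EMBED_TAGS:
            findings.append(("html-embed", tag))
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):                      # onload, onerror, onclick, ...
                findings.append(("event-handler", f"{tag}@{name}"))
            elif name in URL_ATTRS and _is_js_url(value):
                findings.append(("javascript-url", f"{tag}@{name}"))
    return findings


SAMPLES = {  # constructed inputs for the example
    "benign": '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>',
    "script": '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.cookie)</script></svg>',
    "onload": '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><rect/></svg>',
    "xlink": '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
             '<a xlink:href="java&#9;script:alert(1)"><text>click</text></a></svg>',
    "foreign": '<svg xmlns="http://www.w3.org/2000/svg"><foreignObject>'
               '<img xmlns="http://www.w3.org/1999/xhtml" src="x" onerror="alert(1)"/>'
               '</foreignObject></svg>',
    "broken": '<svg><g onload="alert(1)"',
}


def scan_all(samples=SAMPLES) -> dict:
    """Map each sample name to the sorted set of finding kinds."""
    return {name: sorted({kind for kind, _ in find_svg_xss(svg)}) for name, svg in samples.items()}


if __name__ == "__main__":
    for name, kinds in scan_all().items():
        print(f"{name:8s} {'CLEAN' if not kinds else ', '.join(kinds)}")
```

The scanner flags any element whose attribute name begins with "on", which is deliberate: SVG has no legitimate attribute starting with "on" that is not an event handler, so an allow-list is unnecessary here. The regex fallback is intentionally coarse; its job is to keep an unparseable file from being reported as clean, not to be precise.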

🔗 References
