CVE-2024-8119

6.1 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated attackers to inject malicious scripts via the page parameter in the WP Extended WordPress plugin. When a user clicks a specially crafted link, the script executes in their browser, potentially stealing cookies or session data. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • The Ultimate WordPress Toolkit – WP Extended
Versions: All versions up to and including 3.0.8
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with the vulnerable plugin enabled are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain administrative access to WordPress, install backdoors, deface websites, or exfiltrate sensitive data.

🟠 Likely Case

Attackers steal user session cookies, perform actions as those users, or redirect users to malicious sites.

🟢 If Mitigated

Script execution is blocked by Content Security Policy or browser XSS filters, limiting impact to minor data leakage.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS requires tricking a user into clicking a crafted link, but no authentication is needed to deliver it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.9 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'The Ultimate WordPress Toolkit – WP Extended'.
4. Click 'Update Now' if available.
5. If not, download version 3.0.9+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable Plugin (applies to: all)

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate wpextended

Web Application Firewall Rule (applies to: all)

Block requests containing malicious script patterns in the page parameter.

🧯 If You Can't Patch

  • Implement Content Security Policy headers to restrict script execution.
  • Use browser security extensions that block reflected XSS attacks.

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is 3.0.8 or lower, you are vulnerable.

Check Version:

wp plugin get wpextended --field=version

Verify Fix Applied:

Confirm plugin version is 3.0.9 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with page parameter containing script tags or JavaScript code
  • Unusual referrer URLs with encoded payloads

Network Indicators:

  • GET requests with suspicious parameters like ?page=<script>
  • Traffic patterns showing users clicking on external links then immediately accessing admin pages

SIEM Query:

http.url:*page=* AND (http.url:*<script>* OR http.url:*javascript:* OR http.url:*onerror=*)
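The SIEM query above matches the literal strings, so percent-encoded or double-encoded variants of the same payload slip past it. As an added example that is not part of the original advisory, the following Python scanner applies the same indicators to access-log lines after fully decoding the page parameter; the log lines, IPs and plugin page slug are constructed for the demonstration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Indicator patterns from the advisory (script tags, javascript: URIs, on*= handlers);
# the \b keeps legitimate values such as "configuration=1" from matching "on...=".
XSS_PATTERNS = re.compile(r"<\s*script|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)

# Apache/Nginx combined-format access log line (client IP, timestamp, request line, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded payloads are inspected in clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def page_param_hits(request_path):
    """Return the decoded 'page' values that match an XSS indicator (empty list if clean)."""
    query = urlsplit(request_path).query
    hits = []
    for raw in parse_qs(query, keep_blank_values=True).get("page", []):
        decoded = decode_fully(raw)  # parse_qs already removed one encoding layer
        if XSS_PATTERNS.search(decoded):
            hits.append(decoded)
    return hits

def scan_log(lines):
    """Return (client_ip, request_path, decoded payloads) for every suspicious line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        hits = page_param_hits(m.group("path"))
        if hits:
            findings.append((m.group("ip"), m.group("path"), hits))
    return findings

# Constructed sample log lines for demonstration; not real traffic from any site.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2024:12:00:01 +0000] "GET /wp-admin/admin.php?page=wpextended HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Sep/2024:12:00:02 +0000] "GET /wp-admin/admin.php?page=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 488 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Sep/2024:12:00:03 +0000] "GET /wp-admin/admin.php?page=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 488 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Sep/2024:12:00:04 +0000] "GET /wp-admin/admin.php?page=javascript%3Aalert(1) HTTP/1.1" 200 488 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Sep/2024:12:00:05 +0000] "GET /?p=12 HTTP/1.1" 200 9031 "-" "Mozilla/5.0"',
]
```

Running scan_log(SAMPLE_LOG) flags the three encoded requests and leaves the legitimate plugin page and the unrelated request untouched.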

🔗 References
