CVE-2024-8505
📋 TL;DR
This stored XSS vulnerability in the WordPress Infinite Scroll plugin allows authenticated attackers with Contributor access or higher to inject malicious scripts into website pages. When users visit compromised pages, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using this plugin up to version 7.1.2 are affected.
💻 Affected Systems
- WordPress Infinite Scroll – Ajax Load More plugin
📦 What is this software?
Ajax Load More by Connekthq
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal user session cookies or credentials, potentially compromising user accounts.
If Mitigated
With proper input validation and output escaping, the vulnerability is prevented, and only trusted users can modify plugin settings.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.1.3 or later
Vendor Advisory: https://wordpress.org/plugins/ajax-load-more/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Ajax Load More' and click 'Update Now'.
4. Verify the plugin version is 7.1.3 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Ajax Load More plugin until patched
wp plugin deactivate ajax-load-more
Restrict user roles
Limit contributor-level access to trusted users only
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads in 'button_label' parameter
- Apply strict Content Security Policy (CSP) headers to limit script execution
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Ajax Load More version 7.1.2 or lower
Check Version:
wp plugin get ajax-load-more --field=version
Verify Fix Applied:
Confirm plugin version is 7.1.3 or higher in WordPress admin panel
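The version checks above compare against 7.1.3. As an added example (written for this page, not code from the plugin or the advisory source), the Python below turns the output of `wp plugin get ajax-load-more --field=version` into a numeric comparison. It exists because a plain string comparison gets this wrong: "7.1.10" sorts before "7.1.3" lexicographically, so a naive check would flag a fixed install as vulnerable. The pre-release suffix handling is an assumption for illustration.

```python
import subprocess
from typing import Tuple

# First release carrying the fix, per the advisory.
FIXED_VERSION = "7.1.3"


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert '7.1.2' into (7, 1, 2) so tuples compare numerically.

    Assumption for this example: a pre-release suffix such as '7.1.3-beta'
    is dropped and any non-digit characters inside a component are ignored.
    """
    core = version.strip().split("-", 1)[0]
    parts = []
    for component in core.split("."):
        digits = "".join(ch for ch in component if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the first fixed release."""
    return parse_version(installed) < parse_version(fixed)


def check_wp_cli_output(output: str) -> bool:
    """Apply the check to the raw stdout of `wp plugin get ... --field=version`."""
    return is_vulnerable(output.strip())


def check_live_site() -> bool:
    """Run WP-CLI on this host (hypothetical helper; requires wp in PATH)."""
    result = subprocess.run(
        ["wp", "plugin", "get", "ajax-load-more", "--field=version"],
        capture_output=True, text=True, check=True,
    )
    return check_wp_cli_output(result.stdout)


if __name__ == "__main__":
    # Constructed sample output, as WP-CLI would print it with a trailing newline.
    sample_output = "7.1.2\n"
    print("vulnerable" if check_wp_cli_output(sample_output) else "fixed")
```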
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-admin with 'button_label' parameter containing script tags
- Multiple failed login attempts followed by successful contributor login
Network Indicators:
- HTTP requests with JavaScript payloads in button_label parameter
- Unexpected outbound connections from WordPress site
SIEM Query:
source="wordpress.log" AND "button_label" AND ("<script>" OR "javascript:")
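As an added illustration of the log indicators above (example code written for this page, not from the plugin, the advisory or any SIEM product), the Python scanner below runs over a constructed, hypothetical one-request-per-line log format of the form `<client ip> <method> <path> <url-encoded form body>`. The point it adds to the SIEM query: in a raw access or audit log the form body is percent-encoded, so `<script>` appears as `%3Cscript%3E` (or `%253Cscript%253E` when double-encoded) and a plain-string match on `<script>` never fires. The scanner decodes the `button_label` value before matching.

```python
import re
from html import unescape
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote_plus

# Content that has no business in a setting meant to hold a button caption:
# script tags, the javascript: URL scheme, and inline event-handler attributes.
SUSPICIOUS = re.compile(r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

# Hypothetical log format assumed for this example: ip method path body
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")

# Constructed sample lines (not real traffic). parse_qs already decodes one
# layer; line 3 is double-encoded, line 4 uses the javascript: scheme, the
# rest are benign or not a wp-admin POST.
SAMPLE_LOG = """\
198.51.100.7 POST /wp-admin/admin.php?page=ajax-load-more button_label=Load+More&alm_nonce=abc123
203.0.113.5 POST /wp-admin/admin.php?page=ajax-load-more button_label=%3Cscript%3Ealert(1)%3C%2Fscript%3E
203.0.113.5 POST /wp-admin/admin.php?page=ajax-load-more button_label=%253Cscript%253Ealert(1)%253C%252Fscript%253E
203.0.113.5 POST /wp-admin/admin.php?page=ajax-load-more button_label=%3Ca%20href%3D%22javascript%3Avoid(0)%22%3EMore%3C%2Fa%3E
192.0.2.9 GET /wp-admin/admin.php?page=ajax-load-more -
198.51.100.7 POST /wp-admin/admin.php?page=ajax-load-more button_label=100%25+more+posts
"""


def normalize(value: str) -> str:
    """Strip the layers a payload can hide behind: percent-encoding applied
    once or twice, then HTML entities. Benign '%' characters that do not form
    a valid escape are left untouched by unquote_plus."""
    decoded = value
    for _ in range(2):
        decoded = unquote_plus(decoded)
    return unescape(decoded)


def scan_line(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for a wp-admin POST whose button_label looks like script, else None."""
    match = LOG_LINE.match(line)
    if not match:
        return None
    ip, method, path, body = match.groups()
    if method != "POST" or "/wp-admin/" not in path:
        return None
    params = parse_qs(body, keep_blank_values=True)
    for raw in params.get("button_label", []):
        decoded = normalize(raw)
        if SUSPICIOUS.search(decoded):
            return {"ip": ip, "path": path, "button_label": decoded}
    return None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Scan every line and collect the findings in log order."""
    return [hit for hit in (scan_line(line) for line in text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['path']} button_label={hit['button_label']!r}")
```

Findings from a scanner like this are a trigger to review the stored plugin setting and the contributor account that sent the request, not proof of compromise on their own; a `javascript:` string pasted by mistake looks the same in the log.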
🔗 References
- https://plugins.trac.wordpress.org/browser/ajax-load-more/trunk/core/classes/class-alm-shortcode.php
- https://plugins.trac.wordpress.org/changeset/3160896/
- https://wordpress.org/plugins/ajax-load-more/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ca29158a-ca60-46c7-93a5-bcf76e7666e4?source=cve