CVE-2024-8914
📋 TL;DR
This is a stored cross-site scripting (XSS) flaw: an unauthenticated attacker can submit JavaScript that the Thanh Toán Quét Mã QR Code Tự Động plugin stores and later renders into WordPress pages without escaping it. When a user opens such a page, the script runs in their browser with the site's origin, where it can steal data the page exposes, redirect the user to malicious sites, or perform actions on their behalf. Every WordPress site running the plugin at version 2.0.1 or earlier is affected.
💻 Affected Systems
- Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam WordPress plugin
⚠️ Risk & Real-World Impact
Worst Case
If an administrator views an injected page, the script runs inside their authenticated browser session. WordPress sets its authentication cookies HttpOnly, so the script usually cannot read them directly, but it does not need to: it can issue requests to wp-admin as the administrator (fetching the required nonces from admin pages first) to create a new admin user, install a backdoor plugin, deface the site, or redirect visitors to phishing or malware sites.
Likely Case
Attackers inject scripts that redirect visitors to phishing pages, show unwanted advertisements or SEO spam, or capture what visitors type into the compromised page.
If Mitigated
The root cause is missing input sanitization and output escaping in the plugin, which the patched release addresses; until a site is updated, deactivating the plugin or filtering its requests with a WAF (see below) reduces exposure but does not remove the bug.
🎯 Exploit Status
Exploitation is straightforward: no authentication is required and the attack is an ordinary XSS payload submitted to the plugin. Publicly disclosed XSS bugs in WordPress plugins are typically picked up by opportunistic mass scanners within days, so do not assume a low-profile site is safe.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any release later than 2.0.1 (check the plugin changelog at the vendor link below for the exact fixed version)
Vendor Advisory: https://wordpress.org/plugins/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Thanh Toán Quét Mã QR Code Tự Động' plugin.
4. Click 'Update Now' if available, or delete the plugin and reinstall the latest version.
5. Verify that the installed plugin version is later than 2.0.1.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the plugin until a patched version is available (the site loses the plugin's QR payment feature while it is off). Run the command from the WordPress root, or add --path=/path/to/wordpress:
wp plugin deactivate bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang
Deactivation stops further injection and stops the plugin from rendering; it does not remove anything an attacker already injected, so review the plugin's stored data once the site is patched.
Apply WordPress security plugin
Install a security plugin such as Wordfence, whose firewall rules block common XSS payloads. Generic signatures can be evaded with encoded or obfuscated payloads, so treat this as a stopgap, not a fix.
🧯 If You Can't Patch
- Deactivate (or delete) the plugin entirely if patching is not possible
- Put web application firewall (WAF) rules in front of the site, for example ModSecurity with the OWASP Core Rule Set, that block XSS payloads in requests to the plugin's paths; configure them to log as well as block so attempts stay visible
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Thanh Toán Quét Mã QR Code Tự Động' plugin version 2.0.1 or lower
Check Version:
wp plugin get bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang --field=version
Verify Fix Applied:
Verify plugin version is above 2.0.1 in WordPress admin panel
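The checks above cover one site at a time. The following script, an added example that is not part of this advisory or the plugin's code, runs the same wp-cli query across several WordPress roots and compares versions numerically, so a future 2.0.10 is not mistaken for something older than 2.0.1 the way a string comparison would. The install paths in the usage block are hypothetical placeholders.

```python
#!/usr/bin/env python3
"""Added example, not part of the original advisory or the plugin's code.

Fleet check for CVE-2024-8914: ask wp-cli for the installed version of the
plugin in each WordPress root and report whether it is still in the
affected range (<= 2.0.1).
"""
import subprocess
from typing import Dict, Iterable, Optional, Tuple

PLUGIN_SLUG = "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang"
LAST_VULNERABLE = "2.0.1"  # every version up to and including this one is affected


def parse_version(version: str) -> Tuple[int, ...]:
    """'2.0.1' -> (2, 0, 1). Non-numeric suffixes ('2.0.1-beta') are ignored
    and missing components are padded with 0 so '2.0' == '2.0.0'."""
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(installed: str, last_vulnerable: str = LAST_VULNERABLE) -> bool:
    """True when the installed version is at or below the last affected release."""
    return parse_version(installed) <= parse_version(last_vulnerable)


def classify(version: Optional[str]) -> str:
    """Human-readable verdict for one site; None means the plugin is absent."""
    if version is None:
        return "not installed"
    state = "VULNERABLE" if is_vulnerable(version) else "patched"
    return f"{state} ({version})"


def installed_version(wp_root: str) -> Optional[str]:
    """Run the advisory's wp-cli check against one WordPress root.

    Returns None when the plugin is not installed (wp-cli exits non-zero)
    or when wp-cli itself is missing. --skip-plugins/--skip-themes keep an
    unrelated broken plugin or theme from aborting the query.
    """
    cmd = [
        "wp", "plugin", "get", PLUGIN_SLUG, "--field=version",
        f"--path={wp_root}", "--skip-plugins", "--skip-themes",
    ]
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return result.stdout.strip() or None


def audit(wp_roots: Iterable[str]) -> Dict[str, str]:
    """Map each WordPress root to its verdict."""
    return {root: classify(installed_version(root)) for root in wp_roots}


if __name__ == "__main__":
    # Hypothetical install paths; replace with the roots you manage.
    for root, verdict in audit(["/var/www/shop", "/var/www/blog"]).items():
        print(f"{root}: {verdict}")
```

Run it on the host where wp-cli is installed and as the user that owns the WordPress files. A "not installed" verdict also covers a root where wp-cli fails for other reasons, so check the paths for a site you expect to see listed.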
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to the plugin's endpoints whose parameters contain script tags, javascript: URLs, or on* event-handler attributes (onclick, onerror, onload)
- Repeated requests from one source carrying XSS probes (alert(1), raw or percent-encoded <script>), which usually precede a successful stored payload
Network Indicators:
- HTTP requests to the plugin's paths containing script payloads, including percent-encoded and double-encoded forms (%3Cscript, %253Cscript)
SIEM Query:
source="web_server" AND ("onclick" OR "javascript:" OR "<script>" OR "%3Cscript" OR "onclick%3D") AND uri_path="/wp-content/plugins/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/*"
The trailing wildcard matters: an exact match on the directory alone never matches a request for a file under it. Raw access logs keep the URL percent-encoded, hence the encoded variants. Standard access logs record only the request line, so a payload sent in a POST body is invisible to this query; to see those, enable request-body logging in the WAF (for example the ModSecurity audit log).
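The same detection logic, run locally over access-log lines, as an added example that is not part of this advisory. It decodes each request URL repeatedly (to catch double encoding) and flags requests under the plugin's directory that carry the markers from the SIEM query, generalised to any on*= event handler. The log lines and the file names under the plugin directory are constructed placeholders, not real traffic.

```python
#!/usr/bin/env python3
"""Added example, not part of the original advisory: scan web-server access
logs for XSS-style requests aimed at the CVE-2024-8914 plugin's paths."""
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import unquote

PLUGIN_DIR = "/wp-content/plugins/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/"

# Apache/nginx combined log format; only the fields we use are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Markers from the SIEM query (<script>, javascript:, onclick), widened to any
# on*= handler and tolerant of whitespace between tokens.
XSS_RE = re.compile(r'<\s*script|javascript\s*:|\bon[a-z]+\s*=', re.IGNORECASE)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable: %253Cscript%253E -> %3Cscript%3E -> <script>."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line: str) -> Optional[Dict[str, object]]:
    """Return a finding for one log line, or None if it is not a hit."""
    match = LOG_RE.match(line)
    if not match:
        return None  # not combined-log format; a real deployment should count these
    url = decode_fully(match["url"])
    if not url.startswith(PLUGIN_DIR):
        return None  # scoped to the plugin's paths, like the SIEM query
    marker = XSS_RE.search(url)
    if not marker:
        return None
    return {
        "ip": match["ip"],
        "ts": match["ts"],
        "method": match["method"],
        "status": int(match["status"]),
        "marker": marker.group(0),
        "url": url,
    }


def scan(lines: Iterable[str]) -> List[Dict[str, object]]:
    """All findings from an iterable of log lines, in log order."""
    return [hit for hit in (scan_line(line) for line in lines) if hit]


# Constructed sample log (not real traffic); handler.php and assets/style.css
# are placeholder file names, not known plugin files.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:10:00:01 +0000] "GET ' + PLUGIN_DIR +
    'assets/style.css HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    # percent-encoded <script> in the query string
    '198.51.100.7 - - [10/Oct/2024:10:00:02 +0000] "GET ' + PLUGIN_DIR +
    'handler.php?v=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.0"',
    # double-encoded attribute breakout: %2522%2520onclick%253D -> " onclick=
    '198.51.100.7 - - [10/Oct/2024:10:00:03 +0000] "GET ' + PLUGIN_DIR +
    'handler.php?v=x%2522%2520onclick%253Dalert(1) HTTP/1.1" 200 512 "-" "curl/8.0"',
    # same marker on a different path: out of scope for this rule
    '198.51.100.7 - - [10/Oct/2024:10:00:04 +0000] "GET /?s=%3Cscript%3E HTTP/1.1" 200 900 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["status"]} '
              f'marker={hit["marker"]!r} {hit["url"]}')
```

Feed it a real log with `scan(open("/var/log/nginx/access.log"))`. The pattern is deliberately broad and will occasionally fire on benign parameter names such as onboarding=; triage hits by source IP and by whether the same source also requested wp-login.php or wp-admin afterwards. As with the SIEM query, POST bodies are not in the access log, so injection via a form submission needs the WAF audit log instead.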
🔗 References
- https://plugins.trac.wordpress.org/browser/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/trunk/inc/functions.php#L184
- https://wordpress.org/plugins/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8ef7c48b-e8f2-40bd-aa48-191059e15453?source=cve