CVE-2024-8983
📋 TL;DR
The Custom Twitter Feeds WordPress plugin before version 2.2.3 contains a stored cross-site scripting (XSS) vulnerability in its settings. This allows authenticated administrators to inject malicious scripts that execute when other users view affected pages, even in WordPress multisite configurations where unfiltered_html is restricted. Only WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Custom Twitter Feeds WordPress Plugin
📦 What is this software?
Custom Twitter Feeds by Smashballoon
⚠️ Risk & Real-World Impact
Worst Case
An attacker with admin privileges could inject malicious JavaScript that steals session cookies, redirects users to phishing sites, or performs actions on behalf of authenticated users, potentially leading to full site compromise.
Likely Case
A malicious administrator, or an attacker holding a compromised admin account, injects tracking scripts or defaces the site by modifying plugin settings pages that other users access.
If Mitigated
With proper access controls and admin account security, impact is limited to authorized administrators intentionally misusing their privileges.
🎯 Exploit Status
Exploitation requires admin access to WordPress. The vulnerability is in plugin settings that admins can modify.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.3
Vendor Advisory: https://wpscan.com/vulnerability/29194dde-8d11-4096-a5ae-1d69c2c5dc33/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Custom Twitter Feeds'.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.2.3+ from WordPress.org and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate custom-twitter-feeds
Restrict Admin Access
Limit admin account access to trusted personnel only and implement strong authentication
🧯 If You Can't Patch
- Remove admin access from untrusted users and implement principle of least privilege
- Implement web application firewall (WAF) rules to block XSS payloads in plugin settings
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Custom Twitter Feeds → Version number. If version is below 2.2.3, you are vulnerable.
Check Version:
wp plugin get custom-twitter-feeds --field=version
Verify Fix Applied:
After updating, verify plugin version shows 2.2.3 or higher in WordPress plugins list.
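As an added example (not part of this advisory), the script below wraps the WP-CLI version check above in a proper numeric version comparison, so that a release such as 2.10.0 is recognised as newer than 2.2.3 rather than older, which a plain string comparison would get wrong. The WP-CLI invocation is the one given in this advisory; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: decide whether an installed
# Custom Twitter Feeds version is below the fixed release 2.2.3 (CVE-2024-8983).
FIXED_VERSION="2.2.3"

# version_lt A B: exit 0 when dotted numeric version A is older than B.
# Each field is compared as an integer; trailing labels such as "-beta" are ignored.
version_lt() {
  a="$1.0.0.0"   # pad so every field up to the fourth exists
  b="$2.0.0.0"
  i=1
  while [ "$i" -le 4 ]; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # strip any non-numeric suffix
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then return 0; fi
    if [ "$x" -gt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 1   # versions are equal, so not older
}

# is_vulnerable VERSION: exit 0 if VERSION is affected by CVE-2024-8983.
is_vulnerable() {
  version_lt "$1" "$FIXED_VERSION"
}

# check_site: read the live plugin version with WP-CLI (command from the advisory)
# and print a verdict. Exit 0 = vulnerable, 1 = patched, 2 = version unreadable.
check_site() {
  v=$(wp plugin get custom-twitter-feeds --field=version 2>/dev/null) || return 2
  if is_vulnerable "$v"; then
    echo "VULNERABLE: custom-twitter-feeds $v < $FIXED_VERSION"
    return 0
  fi
  echo "OK: custom-twitter-feeds $v >= $FIXED_VERSION"
  return 1
}

# Stand-alone use: pass a version string to evaluate it offline, e.g. "sh check.sh 2.2.1".
if [ -n "${1:-}" ]; then
  if is_vulnerable "$1"; then echo "VULNERABLE: $1"; else echo "OK: $1"; fi
fi
```

Call check_site from a host with WP-CLI configured for the site to get the live verdict; the exit status makes it easy to drop into a fleet-wide audit loop.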
📡 Detection & Monitoring
Log Indicators:
- Unusual modifications to plugin settings by admin users
- JavaScript payloads in plugin option values in database
Network Indicators:
- Unexpected external script loads from plugin settings pages
SIEM Query:
source="wordpress" AND ((event="plugin_updated" AND plugin="custom-twitter-feeds" AND version<"2.2.3") OR (event="option_update" AND option_name LIKE "ctf_%"))
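The "JavaScript payloads in plugin option values" indicator above can be checked directly against exported option rows. The script below is an added example, not part of this advisory: it scans tab-separated "option_name, option_value" rows for script-like content and lists the option names that need a closer look. The sample rows are constructed for the example, and the `ctf_` option prefix is the one used in the advisory's SIEM query.

```shell
#!/bin/sh
# Added example, not from the advisory: flag plugin option values that carry
# script-like content, the stored-XSS indicator described under Log Indicators.

# Markup a feed-settings option has no legitimate reason to contain
# (matched case-insensitively): script tags, inline event handlers,
# javascript: URLs, iframes and inline SVG.
SUSPECT_RE='<script|javascript:|on[a-z]+[[:space:]]*=|<iframe|<svg'

# is_suspicious VALUE: exit 0 if VALUE matches SUSPECT_RE.
is_suspicious() {
  printf '%s' "$1" | grep -Eiq "$SUSPECT_RE"
}

# scan_tsv: read "option_name<TAB>option_value" rows on stdin and print
# "SUSPECT: <name>" for each hit. Exit 0 = nothing found, 1 = at least one hit.
scan_tsv() {
  found=0
  while IFS="$(printf '\t')" read -r name value; do
    if is_suspicious "$value"; then
      echo "SUSPECT: $name"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample rows for this example (not data from a real site).
sample_options() {
  printf 'ctf_title\tLatest tweets\n'
  printf 'ctf_custom_css\t.ctf-item { color: #333; }\n'
  printf 'ctf_custom_js\t<script src="https://example.invalid/t.js"></script>\n'
  printf 'ctf_header_text\t<a href="/feed" onmouseover="track()">feed</a>\n'
}

# count_suspicious: number of flagged rows in the sample set.
count_suspicious() {
  sample_options | scan_tsv | wc -l | tr -d ' '
}

# Stand-alone run: report on the sample rows.
sample_options | scan_tsv || echo "review the options listed above"
```

On a live site, feed real rows into scan_tsv by exporting the ctf_ options (for example via a `wp db query` against wp_options, with one option per line; the exact export command is left to the reader) rather than the sample set. The pattern list is a coarse triage filter: `on[a-z]+=` will also match harmless strings such as `action=`, so treat hits as candidates for manual review, not as confirmed compromise.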