Platform
wordpress
Component
automatorwp
Fixed in
5.0.10
CVE-2024-12626 describes a Reflected Cross-Site Scripting (XSS) vulnerability affecting the AutomatorWP plugin for WordPress. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts, potentially leading to account takeover and data theft. The vulnerability impacts versions of the plugin up to and including 5.0.9. A patch is available; users are strongly advised to upgrade immediately.
The impact of this XSS vulnerability is significant. An attacker can craft a malicious URL containing the vulnerable parameter, 'a-0-o-search_field_value'. If a user clicks on this link, the attacker's injected script executes within the user's browser context. This allows the attacker to steal session cookies, redirect the user to a phishing site, or even deface the website. Given the plugin's functionality for automations and integrations, successful exploitation could also compromise connected services and data. The plugin's import and code action features amplify the risk, as malicious code could be injected and executed automatically.
This vulnerability was publicly disclosed on December 19, 2024. While no active exploitation campaigns have been confirmed, the ease of exploitation and the high CVSS score suggest a high probability of exploitation. No Proof-of-Concept (PoC) code has been publicly released as of this writing, but the vulnerability is relatively straightforward to exploit, increasing the likelihood of PoCs emerging. It is not currently listed on the CISA KEV catalog.
Websites using the AutomatorWP plugin, particularly those with user accounts or sensitive data, are at risk. Shared hosting environments where multiple WordPress sites share the same server are also at increased risk, as a compromise of one site could potentially lead to the compromise of others. Users who rely on the plugin's import and code action features are especially vulnerable.
• wordpress / composer / npm:
grep -r 'a-0-o-search_field_value' /var/www/html/wp-content/plugins/automatorwp/
(This only confirms that the installed plugin handles the parameter; the fix escapes the value rather than removing the parameter, so also compare the installed plugin version against 5.0.10.)
• generic web:
curl -s -G 'https://your-wordpress-site.com/' --data-urlencode 'a-0-o-search_field_value=<script>alert("XSS")</script>' | grep -F '<script>alert("XSS")</script>'
(Use a GET: a HEAD request returns only headers, so the reflected body would never be inspected. Match the exact marker rather than the word 'script', which appears in almost any page; a patched version echoes the value escaped, e.g. &lt;script&gt;, which does not match.)
disclosure
Exploit status
EPSS
3.28% (87th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the AutomatorWP plugin to 5.0.10 or later, the first version that contains the fix. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider temporarily restricting access to the vulnerable parameter. Web Application Firewall (WAF) rules can filter requests containing suspicious input in the 'a-0-o-search_field_value' parameter. Input validation and output encoding should be implemented on the server side to prevent future XSS vulnerabilities. Regularly review plugin configurations and permissions to minimize the attack surface.
Update the AutomatorWP plugin to the latest available version. The vulnerability is present in older versions. The update fixes the Cross-Site Scripting (XSS) vulnerability.
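The log-based detection and the WAF / output-encoding mitigations described on this page, as an added Python example (this is not AutomatorWP's code and not from the advisory's author). It assumes Apache/nginx combined-format access logs and uses a constructed set of log lines; the injection heuristic in `_SUSPICIOUS` is an assumption to be tuned per site. One heuristic, `is_suspicious_search_value`, drives both the access-log scan and the WAF-style pre-filter, and `render_search_field` shows the attribute-context encoding a fix relies on, with `html.escape` standing in for WordPress `esc_attr()`.

```python
"""Added example for CVE-2024-12626 (not AutomatorWP's own code).

One heuristic, is_suspicious_search_value(), serves two purposes described
on this page: scanning web-server access logs for exploitation attempts
against the vulnerable parameter, and a WAF-style pre-filter for the interim
mitigation. render_search_field() shows the output-encoding fix itself.
"""
import html
import re
from typing import Iterable
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Parameter name taken from the advisory.
VULN_PARAM = "a-0-o-search_field_value"

# Injection markers. This list is an assumption for the example; a production
# WAF rule would be tuned against the site's real traffic.
_SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z]"        # opening or closing HTML tag
    r"|\bon[a-z]+\s*="       # inline event handler such as onerror=
    r"|javascript\s*:"       # javascript: URL scheme
    r"|&#x?[0-9a-f]+;?",     # numeric entity used to disguise the above
    re.IGNORECASE,
)

# Apache/nginx combined log format, enough of it to recover the request line.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_suspicious_search_value(value: str) -> bool:
    """True if a (URL-decoded) parameter value looks like a script payload.

    Decoding twice catches double-encoded payloads (%253C -> %3C -> <), which
    parse_qs alone would hand back still encoded.
    """
    decoded = unquote_plus(unquote_plus(value))
    return bool(_SUSPICIOUS.search(decoded))


def waf_allows_request(query_string: str) -> bool:
    """WAF-style check: refuse requests whose vulnerable parameter is suspicious."""
    params = parse_qs(query_string, keep_blank_values=True)
    return not any(is_suspicious_search_value(v) for v in params.get(VULN_PARAM, []))


def scan_access_log(lines: Iterable[str]) -> list[dict]:
    """Return one record per request that carried a suspicious value in VULN_PARAM."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format; skip it
        query = urlsplit(m.group("target")).query
        for value in parse_qs(query, keep_blank_values=True).get(VULN_PARAM, []):
            if is_suspicious_search_value(value):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": int(m.group("status")), "value": value})
    return hits


def render_search_field(value: str) -> str:
    """Hardened reflection of the value into an HTML attribute.

    html.escape(quote=True) plays the role of WordPress esc_attr(): the value
    can no longer close the attribute or the tag, so the browser treats it as
    text. Reflecting it unescaped is the defect this advisory describes.
    """
    return f'<input type="text" name="{VULN_PARAM}" value="{html.escape(value, quote=True)}">'


# Constructed sample log lines (not real traffic); the second one carries a payload.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Dec/2024:10:14:55 +0000] "GET /?a-0-o-search_field_value=new+order HTTP/1.1" 200 4812 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2024:10:15:02 +0000] "GET /?a-0-o-search_field_value=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Dec/2024:10:15:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f'{hit["ts"]} {hit["ip"]} status={hit["status"]} value={hit["value"]!r}')
    print(render_search_field('"><script>alert(1)</script>'))
```

A hit with HTTP status 200 is the case worth triaging: it means the request reached the plugin rather than being blocked upstream, and on an unpatched install the payload was reflected. The WAF check is an interim measure only; the durable fix is the version upgrade plus the escaping shown in `render_search_field`.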
CVE-2024-12626 is a critical Reflected Cross-Site Scripting (XSS) vulnerability in the AutomatorWP WordPress plugin, allowing attackers to inject malicious scripts via a URL parameter.
You are affected if you are using AutomatorWP plugin versions equal to or less than 5.0.9. Immediately check your plugin version and upgrade if necessary.
Upgrade the AutomatorWP plugin to a version greater than 5.0.9. Consider implementing a WAF rule as a temporary mitigation if upgrading is not immediately possible.
While no active campaigns have been confirmed, public proof-of-concept exploits exist, indicating a high probability of exploitation.
Refer to the AutomatorWP plugin's official website or WordPress plugin repository for the latest security advisory and update information.