Platform: wordpress
Component: automatorwp
Fixed in: 5.0.10
CVE-2024-12626 describes a Reflected Cross-Site Scripting (XSS) vulnerability affecting the AutomatorWP plugin for WordPress. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts, potentially leading to account takeover and data theft. The vulnerability impacts versions of the plugin up to and including 5.0.9. A patch is available; users are strongly advised to upgrade immediately.
The XSS vulnerability in AutomatorWP allows attackers to inject malicious JavaScript code into web pages viewed by other users. An attacker crafts a URL whose 'a-0-o-searchfieldvalue' parameter carries script content and tricks a user into opening it. Because the parameter value is reflected into the response, the injected script executes in the victim's browser context, allowing the attacker to steal cookies, redirect the user to a phishing site, or perform actions on their behalf. The plugin's import and code action features amplify the risk, as malicious code could be injected into automated workflows, impacting a wider range of users. This vulnerability is particularly concerning given the plugin's popularity and the potential for widespread exploitation.
CVE-2024-12626 was publicly disclosed on December 19, 2024. No known exploitation campaigns have been reported at the time of writing, but the ease of exploitation and the plugin's popularity suggest a high probability of exploitation. There are currently public proof-of-concept exploits available, increasing the risk. This vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 3.28% (87th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-12626 is to upgrade the AutomatorWP plugin to a version higher than 5.0.9, which contains the necessary fix. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious input in the 'a-0-o-searchfieldvalue' parameter. Additionally, carefully review any code actions or import processes within the plugin for potentially malicious scripts. Regularly scan your WordPress installation for vulnerabilities using a reputable security plugin.
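To support the WAF and log-review mitigation described above, here is an added example (not code from the advisory or from the AutomatorWP project) that scans access-log lines for requests carrying markup in the 'a-0-o-searchfieldvalue' parameter. The log lines are constructed; the scanner undoes nested percent-encoding because a single-pass pattern match misses double-encoded input.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameter named in the CVE-2024-12626 advisory.
PARAM = "a-0-o-searchfieldvalue"

# Markup that has no business in a search-field value; matched after decoding.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [19/Dec/2024:10:00:01 +0000] "GET /wp-admin/admin.php?page=automatorwp&a-0-o-searchfieldvalue=order HTTP/1.1" 200 512
203.0.113.7 - - [19/Dec/2024:10:00:02 +0000] "GET /wp-admin/admin.php?page=automatorwp&a-0-o-searchfieldvalue=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 640
203.0.113.9 - - [19/Dec/2024:10:00:03 +0000] "GET /wp-admin/admin.php?page=automatorwp&a-0-o-searchfieldvalue=%253Cimg%2520src%253Dx%2520onerror%253Dalert%25281%2529%253E HTTP/1.1" 200 640
203.0.113.2 - - [19/Dec/2024:10:00:04 +0000] "GET /?s=hello HTTP/1.1" 200 300
"""

# Extracts client IP and request target from a common-log-format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (bounded) so double-encoded payloads are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(value):
    """True when the decoded value contains tag, event-handler or javascript: markup."""
    return bool(SUSPICIOUS.search(fully_decode(value)))


def scan_log(text):
    """Return (client_ip, decoded_value) for each request whose PARAM looks like markup."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs already removes one layer of percent-encoding.
        for raw in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            if is_suspicious(raw):
                hits.append((m.group("ip"), fully_decode(raw)))
    return hits


if __name__ == "__main__":
    for ip, value in scan_log(SAMPLE_LOG):
        print(f"{ip}: {value!r}")
```

Plain search terms such as "order" pass through; the same decoding step belongs in any WAF rule written for this parameter, since a rule that inspects only the raw query string is bypassed by double encoding.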
Update the AutomatorWP plugin to the latest available version. The vulnerability exists in versions up to and including 5.0.9. The update will fix the Cross-Site Scripting (XSS) vulnerability.
CVE-2024-12626 is a critical Reflected Cross-Site Scripting (XSS) vulnerability in the AutomatorWP WordPress plugin, allowing attackers to inject malicious scripts via a URL parameter.
You are affected if you are using AutomatorWP plugin versions equal to or less than 5.0.9. Immediately check your plugin version and upgrade if necessary.
Upgrade the AutomatorWP plugin to a version greater than 5.0.9. Consider implementing a WAF rule as a temporary mitigation if upgrading is not immediately possible.
While no active campaigns have been confirmed, public proof-of-concept exploits exist, indicating a high probability of exploitation.
Refer to the AutomatorWP plugin's official website or WordPress plugin repository for the latest security advisory and update information.