Platform
wordpress
Component
automatorwp
Fixed in
5.0.10
CVE-2024-12626 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the AutomatorWP plugin for WordPress. An unauthenticated attacker can craft a URL that injects an arbitrary web script; the script runs in the browser of whoever opens the link, so the impact on a site depends on who can be lured into doing so. Possible consequences include session and account takeover and data theft. All versions up to and including 5.0.9 are affected; version 5.0.10 contains the fix, and users are strongly advised to upgrade immediately.
The flaw lies in how the plugin reflects the 'a-0-o-search_field_value' request parameter into the page without sufficient input sanitization and output escaping. An attacker builds a URL that carries JavaScript in that parameter and tricks a user into opening it, for example through a phishing message or a link planted on another site. Because the script executes in the victim's browser with the victim's session, it can read data the victim can see, redirect the victim to a phishing page, or perform actions on the victim's behalf. The consequences are most serious when the victim is an administrator: the script then inherits the ability to configure the plugin's automations, including its import and code action features, so an attacker could create or alter automated workflows that affect every user of the site. Reflected XSS needs a victim for every exploitation attempt, so the attack is opportunistic rather than a direct server compromise, but the plugin's popularity makes large-scale phishing of its administrators plausible.
CVE-2024-12626 was publicly disclosed on December 19, 2024. No known exploitation campaigns have been reported at the time of writing, but the ease of exploitation and the plugin's popularity suggest a high probability of exploitation. There are currently public proof-of-concept exploits available, increasing the risk. This vulnerability is not currently listed on the CISA KEV catalog.
Any site running AutomatorWP 5.0.9 or earlier is exposed. The exposure is greatest where the plugin is administered by users whose sessions carry real privileges, and where the site holds user accounts or sensitive data. Shared hosting does not by itself make the XSS reachable from another tenant, but if the XSS is used to take over an administrator session and from there place code on the server, neighbouring sites under the same hosting account can be affected as well. Sites that rely on the plugin's import and code action features should treat a compromised administrator session as a path to persistent malicious steps inside their automations.
• wordpress / composer / npm:
grep -r 'a-0-o-search_field_value' /var/www/html/wp-content/plugins/automatorwp/
A match only shows that the installed plugin handles this parameter; it does not tell you whether the installed version is still affected. Read the Version header in wp-content/plugins/automatorwp/automatorwp.php and compare it with 5.0.9.
• generic web:
curl -s -G --data-urlencode 'a-0-o-search_field_value=<script>alert("XSS")</script>' 'https://your-wordpress-site.com/' | grep -i '<script>alert'
Do not use curl -I here: it sends a HEAD request and returns no body, so the reflection can never appear. The payload must also be sent to the page on which the plugin renders its search field; the URL above is a placeholder for that page, and if it is a wp-admin screen the request needs a logged-in session cookie (curl -b). A match on the unescaped payload means the page is still vulnerable; an escaped '&lt;script&gt;' in the response means output escaping is in place.
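The commands above show whether the parameter is handled, but whether a site is affected depends on the installed version. The following script is an added example written for this page, not code from the advisory or from the AutomatorWP project: it reads the Version header of the plugin's main file, compares it with 5.0.10 using version ordering (so that 5.0.9 sorts below 5.0.10, which a plain string comparison gets wrong), and updates through WP-CLI only when the version is affected. The path wp-content/plugins/automatorwp/automatorwp.php, the WP_ROOT variable and the presence of WP-CLI on PATH are assumptions.

```shell
#!/bin/sh
# Added example for CVE-2024-12626 (not from the advisory or the AutomatorWP project).
# Reads the installed AutomatorWP version and updates the plugin with WP-CLI when
# the version is 5.0.9 or earlier. Assumptions: WP_ROOT points at the WordPress
# root, the plugin's main file is wp-content/plugins/automatorwp/automatorwp.php
# (standard plugin layout, not stated by the advisory), and `wp` is on PATH.
set -eu

FIXED_VERSION="5.0.10"   # first release carrying the fix (from the advisory)

# Print the value of the "Version:" line of a WordPress plugin header file ($1).
# Plugin headers look like " * Version: 5.0.9" inside the leading comment block.
plugin_header_version() {
    sed -n 's/^[[:space:]]*\(\*[[:space:]]*\)\{0,1\}Version:[[:space:]]*\([0-9][0-9.]*\).*/\2/p' "$1" | head -n1
}

# True (exit 0) when version $1 sorts strictly below FIXED_VERSION; exit 2 when
# the version is unknown. sort -V orders numerically per component, so
# 5.0.9 < 5.0.10; a string compare would rank "5.0.9" above "5.0.10" and
# report a vulnerable site as fixed.
automatorwp_is_vulnerable() {
    v="$1"
    [ -n "$v" ] || return 2
    [ "$v" != "$FIXED_VERSION" ] || return 1
    lowest="$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n1)"
    [ "$lowest" = "$v" ]
}

# Inspect the installation under $WP_ROOT and update only if it is affected.
check_and_update() {
    plugin_file="$WP_ROOT/wp-content/plugins/automatorwp/automatorwp.php"
    ver="$(plugin_header_version "$plugin_file")"
    if [ -z "$ver" ]; then
        echo "could not read a Version header from $plugin_file" >&2
        return 1
    fi
    if automatorwp_is_vulnerable "$ver"; then
        echo "AutomatorWP $ver is affected by CVE-2024-12626 (fixed in $FIXED_VERSION); updating"
        wp --path="$WP_ROOT" plugin update automatorwp
    else
        echo "AutomatorWP $ver is not affected (fixed in $FIXED_VERSION)"
    fi
}

# Run the live check only when a WordPress root with the plugin is actually present.
if [ -n "${WP_ROOT:-}" ] && [ -f "${WP_ROOT}/wp-content/plugins/automatorwp/automatorwp.php" ]; then
    check_and_update
else
    echo "set WP_ROOT to a WordPress root with AutomatorWP installed to run the live check" >&2
fi
```

Run it as `WP_ROOT=/var/www/html sh check-automatorwp.sh`. On a multisite or a host with several WordPress roots, run it once per root; the version check is per installation, not per site.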
EPSS
3.28% (87th percentile)
The primary mitigation for CVE-2024-12626 is to upgrade AutomatorWP to 5.0.10 or later, which contains the fix. If an immediate upgrade is not possible because of compatibility concerns, add a Web Application Firewall (WAF) rule that rejects requests in which the 'a-0-o-search_field_value' parameter contains HTML metacharacters such as < and >. Treat this as a stopgap only: WAF filters are frequently bypassed with encoding tricks, so the upgrade should still be scheduled. After upgrading, review existing automations, and in particular any code actions or imported workflows, for steps you did not create. Regularly scan the WordPress installation for vulnerabilities with a reputable security plugin.
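Whether the upgrade or the WAF rule actually neutralizes the payload is best confirmed by observing how the parameter comes back in the response. The script below is an added example written for this page, not code from the advisory, the AutomatorWP project or any WAF vendor. It sends a harmless, non-executable marker instead of a real script tag and classifies the response as 'raw' (the marker is reflected verbatim, so the page is still vulnerable), 'escaped' (the marker comes back HTML-encoded, as WordPress output escaping renders it), 'blocked' (HTTP 403, typically a WAF) or 'absent'. The classification also runs on constructed sample responses so it can be exercised offline; PROBE_URL, the screen that reflects the parameter and the COOKIE value are assumptions, because the advisory on this page does not name the reflecting page.

```shell
#!/bin/sh
# Added example for CVE-2024-12626 (not from the advisory or the AutomatorWP project).
# Classifies how a page reflects the a-0-o-search_field_value parameter, using a
# harmless marker rather than a real <script> tag. Assumptions: PROBE_URL is the
# URL of the screen on which AutomatorWP renders its search field (not named on
# this page) and COOKIE carries a logged-in session if that screen is in wp-admin.
set -eu

PARAM="a-0-o-search_field_value"
MARKER='cve12626<probe"x>'    # has the characters an XSS payload needs; executes nothing

# HTML-encode a string the way WordPress esc_attr()/esc_html() would for the
# characters used in MARKER (&, <, >, ").
html_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g'
}

# reflection_state <http_status> <body> <marker>
# Prints one of: blocked | raw | escaped | absent
reflection_state() {
    status="$1"; body="$2"; marker="$3"
    escaped="$(html_escape "$marker")"
    if [ "$status" = "403" ]; then
        echo blocked; return 0
    fi
    case "$body" in
        *"$marker"*)  echo raw ;;      # reflected verbatim: still exploitable
        *"$escaped"*) echo escaped ;;  # encoded on output: the fix is in place
        *)            echo absent ;;   # parameter is not reflected on this page
    esac
}

# Live probe: GET <url> with the marker in the parameter, then classify.
# Uses -G with --data-urlencode so the marker is sent in the query string
# (curl -I would send HEAD and return no body at all).
probe() {
    url="$1"; cookie="${2:-}"
    if [ -n "$cookie" ]; then set -- -b "$cookie"; else set --; fi
    out="$(mktemp)"
    status="$(curl -s -G --data-urlencode "$PARAM=$MARKER" "$@" \
                   -o "$out" -w '%{http_code}' "$url")"
    body="$(cat "$out")"; rm -f "$out"
    reflection_state "$status" "$body" "$MARKER"
}

# Offline demonstration on constructed responses (not captured from a real site).
VULNERABLE_BODY='<input type="search" name="a-0-o-search_field_value" value="cve12626<probe"x>">'
FIXED_BODY='<input type="search" name="a-0-o-search_field_value" value="cve12626&lt;probe&quot;x&gt;">'
echo "unpatched page -> $(reflection_state 200 "$VULNERABLE_BODY" "$MARKER")"   # raw
echo "patched page   -> $(reflection_state 200 "$FIXED_BODY" "$MARKER")"        # escaped
echo "WAF response   -> $(reflection_state 403 "" "$MARKER")"                   # blocked

if [ -n "${PROBE_URL:-}" ]; then
    probe "$PROBE_URL" "${COOKIE:-}"
fi
```

A 'blocked' result only proves that this particular marker is filtered; a WAF rule should be re-tested with URL-encoded and mixed-case variants of the same characters before it is relied on. An 'absent' result against the site's front page is expected and says nothing about the vulnerable screen.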
Update the AutomatorWP plugin to the latest available version (5.0.10 or later). The vulnerability is present in 5.0.9 and all earlier versions; the update resolves the Cross-Site Scripting (XSS) vulnerability.
CVE-2024-12626 is a Reflected Cross-Site Scripting (XSS) vulnerability in the AutomatorWP WordPress plugin (5.0.9 and earlier) that lets an attacker inject a script through the 'a-0-o-search_field_value' URL parameter.
You are affected if you are using AutomatorWP plugin versions equal to or less than 5.0.9. Immediately check your plugin version and upgrade if necessary.
Upgrade the AutomatorWP plugin to a version greater than 5.0.9. Consider implementing a WAF rule as a temporary mitigation if upgrading is not immediately possible.
While no active campaigns have been confirmed, public proof-of-concept exploits exist, indicating a high probability of exploitation.
Refer to the AutomatorWP plugin's official website or WordPress plugin repository for the latest security advisory and update information.